Identified by researchers from antivirus firm ESET, there is a Trojan that can encrypt files on Android devices.
The new threat is dubbed Android/Simplock. This Trojan not only encrypts your files on your Android devices, but also holds the phone hostage for a ransom.
After installing, Android/Simplocker. will scan the SD card for files with any of the following image, document or video extensions: jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp, mp4 and encrypt them using AES [the Advanced Encryption Standard]
The malware will then display a ransom message in Russian asking for a payment.
Slovakia-based ESET said affected device owners were presented with a message saying that their phone was locked because they had viewed and distributed "child pornography , zoophilia and other perversions".
It goes on to instruct the victims to pay 260 hryvnias ($22, £13) via the Ukrainian MoneXy cash transfer system.
"After payment your device will be unlocked within 24 hours. In case of no PAYMENT YOU WILL LOSE ALL DATA ON your device!" it added.
The security firm said that the types of files that could be encrypted included jpeg and gif images, dox and txt text files, and mkv, avi and mp4 media.
It added that information about the infected device would also be uploaded to the server computer used by the cyber-thieves, potentially to help them ensure the right data was decrypted when a payment was received.
This server was hosted on a hidden part of the internet called Tor, Eset added, making the scam hard to trace. "Our analysis... revealed that we are most likely dealing with a proof-of-concept or a work in progress - for example, the implementation of the encryption doesn't come close to 'the infamous Cryptolocker' on Windows," wrote security researcher Robert Lipovsky. Nevertheless, the malware is fully capable of encrypting the user's files, which may be lost if the encryption key is not retrieved.
While the malware does contain functionality to decrypt the files, ESET strongly recommend against paying up - not only because that will only motivate other malware authors to continue these kinds of filthy operations, but also because there is no guarantee that the crook will keep their part of the deal and actually decrypt them.
Android/Simplocker. is in the form of an application called ‘Sex xionix’. It was not found on the official Google Play and we estimate that its prevalence is very low at this time.
Instead ESET encourage users to protect themselves against these threats using prevention and defensive measures. For example, a mobile security app such as ESET Mobile Security for Android will keep malware off your device.
It is unknown who is behind the creation of the malware. However the use of Russian language does not surprise experts as the first SMS-Trojans on Android which appeared in 2010 was Russian and Ukrainian as well.
