
Android.Simplocker


First posted on 07 June 2014.
Source: Symantec

Aliases :

There are no other names known for Android.Simplocker.

Explanation :

Android package file
The Trojan may arrive as a package with the following characteristics:

Package name: org.simplelocker
Version: 1.0
Name: simplelocker

Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:
Open network connections
Access information about networks
Check the phone's current state
Start once the device has finished booting
Prevent processor from sleeping or screen from dimming
Write to external storage devices
Read from external storage devices

Installation
Once installed, the application will display an icon of the Google Android mascot with the text "Sex xonix".



Functionality
When the Trojan is executed, it displays a message claiming that the device has been locked because the user has been viewing illegal pornography. It then gives instructions on how the user can pay to unlock the device.


Next, the Trojan connects to the following remote location:
xeyocsu7fu2vjhxs.onion

The Trojan then scans the SD card (if one is available) on the compromised device for the following file types:
.jpeg
.jpg
.png
.bmp
.gif
.pdf
.doc
.docx
.txt
.avi
.mkv
.3gp
.mp4

If the Trojan finds any of these files, it encrypts them and attaches the following extension to the files:
.enc
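
For triage of a mounted copy of the SD card, the file-type list and the .enc suffix above can be turned into a check that separates files already encrypted from target-type files still intact. The Python below is an added example, not part of the Symantec write-up; it assumes the original extension is kept in front of .enc (for example photo.jpg.enc), and the function names and sample file names are constructed for illustration.

```python
import os
import tempfile

# File types the write-up lists as targets, and the suffix it says is attached.
TARGET_EXTS = {".jpeg", ".jpg", ".png", ".bmp", ".gif", ".pdf", ".doc",
               ".docx", ".txt", ".avi", ".mkv", ".3gp", ".mp4"}
ENC_SUFFIX = ".enc"


def classify(filename):
    """Return 'encrypted', 'at_risk' or None for one file name."""
    lower = filename.lower()
    if lower.endswith(ENC_SUFFIX):
        # Assumption: the original extension is kept before ".enc".
        inner_ext = os.path.splitext(lower[:-len(ENC_SUFFIX)])[1]
        return "encrypted" if inner_ext in TARGET_EXTS else None
    return "at_risk" if os.path.splitext(lower)[1] in TARGET_EXTS else None


def triage(root):
    """Walk a mounted copy of the SD card and group paths by classification."""
    report = {"encrypted": [], "at_risk": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            kind = classify(name)
            if kind:
                full = os.path.join(dirpath, name)
                report[kind].append(os.path.relpath(full, root))
    for paths in report.values():
        paths.sort()
    return report


def build_sample_tree(root):
    """Constructed sample data: empty files with made-up names."""
    names = ["DCIM/IMG_0001.jpg.enc", "DCIM/IMG_0002.JPG",
             "Download/invoice.pdf.enc", "Download/notes.txt",
             "Android/data/cache.enc", "Music/track.mp3"]
    for rel in names:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for kind, paths in triage(tmp).items():
            print(kind, len(paths), paths)
```

Files reported as at_risk are target types that have not been renamed, which helps judge how far the encryption pass got before the device was isolated.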

Last update 07 June 2014

 
