SweX
Posted June 4, 2014 (edited)

ESET Analyzes First Android File-Encrypting, TOR-enabled Ransomware

Last weekend saw the (somewhat anticipated) discovery of an interesting mobile trojan – the first spotting of a file-encrypting ransomware for Android by our detection engineers. Let’s put this all into perspective, so we know what we’re dealing with here…

hxxp://www.welivesecurity.com/2014/06/04/simplocker/

Analysed Sample SHA1: 808df267f38e095492ebd8aeb4b56671061b2f72
https://www.virustotal.com/en/file/8a918c3aa53ccd89aaa102a235def5dcffa047e75097c1ded2dd2363bae7cf97/analysis/

Edited June 4, 2014 by SweX

SweX (Author)
Posted June 6, 2014

Gotta love Tor
Thanks for the links

You're very welcome

SweX (Author)
Posted June 6, 2014

Android malware: how to keep your device safe from filecoders (and everything else)

When ESET researchers analyzed the first file-encrypting Trojan to demand a ransom from Android users via a control centre hidden on the anonymized Tor Network, the malware was “somewhat anticipated”, ESET malware researcher Robert Lipovsky writes. The malware Android/Simplocker, available as a bogus app, seems at present to be a proof-of-concept rather than a fully-fledged attack ready for mass release.

hxxp://www.welivesecurity.com/2014/...ice-safe-from-filecoders-and-everything-else/

SweX (Author)
Posted June 19, 2014 (edited)

Simplocker ransomware: New variants spread by Android downloader apps

Since our initial discovery of Android/Simplocker we have observed several different variants. The differences between them are mostly in:

- Tor usage – some use a Tor .onion domain, whereas others use a more conventional C&C domain.
- Different ways of receiving the “decrypt” command, indicating that the ransom has been paid.
- Different nag screens, different ransoms (and different currencies as well – we’ve seen Ukrainian hryvnias as well as Russian rubles).
- Use of imagery – some display a photo of the victim taken with the phone’s camera to increase the scareware factor.

hxxp://www.welivesecurity.com/2014/06/19/simplocker-new-variants/

Android/TrojanDownloader.FakeApp: 979020806f6fcb8a46a03bb4a4dcefcf26fa6e4c
https://www.virustotal.com/en/file/41b4dbc8cb144145c9eea8b0e4c9c9da3102ff42500923067ba32a5acfcaa858/analysis/

Edited June 19, 2014 by SweX

SweX (Author)
Posted June 30, 2014

UPDATE: Our developers have created ESET Simplocker Decryptor, an easy-to-use tool to decrypt files that have been encrypted by Simplocker. To install the application, please download it from Virus Radar with your device or scan the QR code below. To install the app, you must allow installation from Unknown Sources (Settings -> Security -> Unknown Sources).

hxxp://www.welivesecurity.com/2014/06/25/simplocker-new-variants/