Well it appears that this is exactly what someone has done to the Android world. The new malware discovered by the team at ESET and dubbed Android/Simplocker digs into your SD card and encrypts files there. The file types appear to be similar to pictures, documents, along with music and video files these are encrypted using a form of AES encryption and the extension is changed to .enc. In addition to screwing up your files the nasty little bug also grabs information about your phone (IMEI number etc.) and sends it back to command and control servers Via the TOR network (using HTTP/HTTPS).
How it is being spread is not fully known, but the installation appears to be a manual one. This means that it is most likely coming in through a poisoned application. Right now the ransom is fairly small at around $21, but this could change quickly as it did with CryptoLocker. There is both good news and bad news about this new bit or mobile malware, right now files are easily recovered if you have a backup of some sort (Google’s built in backup or third party). It also seems that this new bit of code is very immature, ESET even described it as being like a proof of concept. This means that it could become more sophisticated and develop new “features” that could prevent or limit the effects of a backup.
We have said before that the mobile world is an open book to malware developers and we could be seeing the beginnings of a new and very nasty trend. Considering the massive lack of real malware protection (or real security) on all mobile phones we are actually surprised that this has taken this long. It is also not surprising that this new malware hit the streets shortly after Apple had their own bout with ransomeware…
Tell us what you think in our Forum