SLocker ransomware comes back: Android users are at risk

The online community started talking about SLocker ransomware in the middle of 2016. Last summer this tricky Android malware began its attacks against companies and corporate data. This cyber infection became famous for three reasons: it was the first mobile malware that can actually encrypt files; it was found pre-installed on Android devices,[1] and it managed to swindle about 10 million dollars[2] from thousands of victims. For a while, malware has been inactive, and the whole online community was hoping that it was gone for good. However, months of silence only meant that developers were planning a comeback. Security company Wandera[3] has discovered about 400 unique versions of SLocker. Unfortunately, malware has returned and became even more dangerous.

SLocker ransomware has been updated

The discovered samples of ransomware are stronger and more powerful. Developers upgraded malware with new functions and made it harder to detect. SLocker hasn’t changed its target field and still aims at the business sector. On the affected device it starts data encryption and locks various files, such as photographies, pictures, audio, video or text files. Apart from corrupting the files, it also locks smartphone’s or tablet’s screen and displays a ransom-demanding message where cyber criminals threaten to delete all data unless victim transfers the ransom. Some of the new versions can also get full access to the phone and get administrative rights. As a result, cyber criminals can access phone’s camera, speakers, and microphone.

SLockers spreads as an obfuscated health apps, media players, and other free applications. Malicious apps are available to download on various third-party websites and stores. Recently discovered variants also have updated icons. For instance, malicious app’s icon was a red circle, and this image has been changed to the picture of Iron Man.[4] However, numerous other fake apps with unique icons might be lurking on unauthorized online sources. People have never been advised to download apps outside of Google Play store. Security experts often remind about all possible threats, but users still risk to install a bogus app and lose their personal files.

Currently, there might be about 3000 different versions of SLockers ransomware. According to the Wandera, regular security software cannot recognize this sophisticated virus yet. Thus, the best way to protect yourself from this cyber threat is to stay away from the third-party app stores and do not download apps from unknown websites.

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.

Contact Gabriel E. Hall
About the company Esolutions