14 DAY TRIAL // Security researchers at Trend Micro warn that Android smartphones are currently attacked by a new version of the SLocker ransomware that uses an interface similar to the one of WannaCry, the malware that infected thousands of systems in May.
The security company says that SLocker typically comes bundled into cheating tools for Android games, video players, and other popular programs, attempting to replace the wallpaper on the phone and to change its icon after compromising a device.
The ransomware doesn’t go after system files, which is a bit surprising, but instead chooses to encrypt files that have suffixes, such as text files, photos and videos that are larger than 10KB and smaller than 50MB. Once a device is infected, SLocker gives users three different options to pay, threatening to increase the ransom as more time passes since the malware was deployed on the device. Eventually, encrypted files would be completely deleted after 7 days.
Easy to decrypt
It appears that the payments are processed through Chinese service QQ and files are encrypted with a randomly generated number plus value 520. Trend Micro says that it shouldn’t be too difficult for security experts to decrypt the files, though it’s pretty clear that it’s not something that the average Joe would do.
SLocker is one of the oldest forms of Android ransomware and first resurfaced this May, though this is the first time the malware is spotted using the interface of the more popular WannaCry.
“The proliferation of new variants so quickly after the first one shows that these malicious actors are not slowing down. Even though a suspect was caught, more advanced ransomware may be just around the corner,” Trend Micro explains.
As usual, in order to avoid getting your device infected, you should not download software from untrusted sources. Furthermore, creating backups and running security applications could also help, especially given the growing number of threats that are even making their way to the Google Play Store.