Eset: ‘New Android ransomware can encrypt SD card files’

Security firm Eset has said it has noticed ransomware for the Android platform that scans the contents of an SD card and then encrypts certain files. As far as we know, it is the first Android trojan to do such a thing.

Slovakian Eset discovered the trojan for the mobile operating system last weekend. The program scans files on an SD card and then encrypts them. The owner of the smartphone is then notified that he watches ‘perverted things’ such as child pornography and that he has to pay to unlock his device. Whoever does not pay would lose the data.

The trojan has been named Android/Simplocker.A by Eset and sends, among other things, the imei number to a central command & control server. That server can control the malware remotely and uses a .onion domain to make tracking more difficult. The app can encrypt jpg, doc and mp4 files, among other things, using AES.

Eset says the application, Sex xionix, is not on Google Play and is believed to be a proof-of-concept or work in progress. According to researcher Robert Lipovsky, the encryption used is “not close to the well-known Cryptolocker on Windows”.

Although the arrival of ransomware to smartphones in general and the Android platform in particular is not new, according to Eset it is the first time that Android ransomware encrypts files ‘completely’. The well-known Reveton ransomware that first appeared on Android last month, for example, did not yet do so.