A security researcher has published the source code of SLocker, an Android ransomware, online and has asked for help developing it further.
The researcher, who uses the pseudonym fs0c1ety, said he obtained the source code by reverse-engineering a ransomware sample. He released the code on GitHub, noting that it is not the original code and is for research purposes only.
SLocker was the first Android ransomware that was spotted in 2015. Trend Micro analyzed the SLocker family earlier this month, saying, “SLocker family is one of the oldest mobile lock screen and file-encrypting ransomware and used to impersonate law enforcement agencies to convince victims to pay their ransom.”
However, they also pointed to new ransomware identified in June.
This ransomware makes the device inaccessible and encrypts all the files while operating in the background. Trend Micro explains that the ransomware falsely presents itself as a game guide, video player or similar app so that users are more likely to download it.
According to the analysis, “When installing for the first time, its icon looks like a normal game guide or cheating tool. Once the ransomware runs, the app will change the icon and name, along with the wallpaper of the infected device.”
The analysis says that the ransomware mainly targets downloaded files and pictures rather than system files, and only encrypts files with certain suffixes (text files, pictures, videos). When the thread finds a file that meets all the requirements, it uses ExecutorService (a way for Java to run asynchronous tasks) to run a new task.
“The new task will use a method named ‘getsss’ to generate a cipher based on the previously generated random number. This method computes the MD5 of the random number and selects 16 characters as a string from the hexadecimal representation of the MD5.
“After the string is generated, the ransomware will feed it to SecretKeySpec to construct the final key for AES before using AES to encrypt files,” the analysis says.
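The derivation quoted above limits the key to 16 hexadecimal characters computed from a single number, so anyone who can bound that number can search for the key. The following is an added example for analysts, not code from Trend Micro or from the published source: it recovers the number from the first block of a locked PNG by known-plaintext search. It assumes the number is hashed as a decimal string, the first 16 hex characters are taken, AES runs in ECB mode, and the number lies in a small range; the class name, range and sample value are constructed.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class SeedKeyRecovery {
    // First 16 bytes of every PNG: 8-byte signature, IHDR length (13), "IHDR".
    static final byte[] PNG_HEAD = {
        (byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A,
        0, 0, 0, 0x0D, 'I', 'H', 'D', 'R' };

    // Derivation as quoted: MD5 of the number, 16 hex characters as the AES key.
    // ASSUMPTIONS: decimal-string encoding of the number, first 16 characters.
    static byte[] deriveKey(long seed) throws Exception {
        byte[] md5 = MessageDigest.getInstance("MD5")
                .digest(Long.toString(seed).getBytes(StandardCharsets.UTF_8));
        String hex = String.format("%032x", new BigInteger(1, md5));
        return hex.substring(0, 16).getBytes(StandardCharsets.US_ASCII);
    }

    // Try every seed in [lo, hi); return the one whose key decrypts the first
    // ciphertext block to the PNG header, or -1 if none matches.
    static long recoverSeed(byte[] firstBlock, long lo, long hi) throws Exception {
        Cipher aes = Cipher.getInstance("AES/ECB/NoPadding"); // ASSUMPTION: ECB
        for (long s = lo; s < hi; s++) {
            aes.init(Cipher.DECRYPT_MODE, new SecretKeySpec(deriveKey(s), "AES"));
            if (Arrays.equals(aes.doFinal(firstBlock), PNG_HEAD)) return s;
        }
        return -1;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: stands in for the first block of a locked PNG.
        long secret = 31337; // constructed value
        Cipher aes = Cipher.getInstance("AES/ECB/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(deriveKey(secret), "AES"));
        byte[] firstBlock = aes.doFinal(PNG_HEAD);

        long found = recoverSeed(firstBlock, 0, 100_000); // ASSUMED seed range
        System.out.println("recovered seed: " + found);
        System.out.println("key: "
                + new String(deriveKey(found), StandardCharsets.US_ASCII));
        // 16 hex characters carry at most 64 bits; a short seed range far fewer.
    }
}
```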
How To Avoid It
- Remain vigilant about the apps on your Android phone. For instance, there may be apps present on your phone that you haven’t downloaded. Therefore, turn off the option “Allow installation of apps from sources other than the Play Store” in the settings.
- Avoid using public Wi-Fi, as such networks are likely to be used to exploit vulnerabilities in your device.
- Turn off your Wi-Fi when it is not being used. Also follow appropriate measures to secure your Wi-Fi connection.
- Don’t ignore app updates that are pending on your device. These updates ship with security patches that can prevent most security threats.
- Avoid opening emails from unknown or illegitimate sources.
- Official-looking emails can also pose a security risk such as phishing. Therefore, check the URLs, and if they are not visible in advance, you had better not open those emails.
- Never click on illegitimate or unnecessary links received in a text message or MMS.