There is a new threat to Android users to ransom – TeK.sapo

This Android Trojan, detected by ESET, Android / Simplocker, after failing to enter the smartphone or tablet, analyzes the SD card looking for certain types of files, encrypts them and demands a ransom for decrypt.
 IMEI of the device, among other data.
 

ESET explains that, more specifically, this malware looks for images, videos or documents with the extension jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, AVI, MKV, 3GP , MP4 and encrypts them strongly, requiring the post about 16 euros to the owner of the device for its recovery.
 IMEI of the device, among other data.
 

In addition to encrypting files, the Simplocker also contacts a server command and send some important information like IMEI of the device, among other data.
 

“The sample analyzed came in the form of an application called xionix Fri, estimating that, for now, its prevalence is still low,” says ESET in a statement, adding that this is still a proof of concept or a work in progress, not the final product.
 

Despite this, the malware is able to fully encrypt user files, which can be lost if the encryption key is not recovered. “Although malware has the functionality to decrypt the files, we strongly recommend that you do not pay up – because this will only motivate other malware authors to continue with this type of operations.”
 

Written under Orthographic new agreement