
Android Simplelocker Crypto-Code Broken By University Undergraduate Student

June 17, 2014 - Written By Phil Bourget

The month of June started out with a mildly boring increase in temperature, and not much else, remember? Well, you may have missed the reports of a bit of malware called Android Simplelocker which, as the name suggests, is specifically designed to assault Android software. The program is a Trojan that encrypts a user’s data (such as pictures, text files, and mp3/mp4 files), then notifies the user of the lock and of the ransom of X moneys. The software has been spotted on markedly fewer devices than the famously despicable ‘Your Phone is Locked’ garbage from Russia earlier this year, which targeted Apple iPhones, iPads, and Mac computers, locking the device until a ransom was paid. The difference between Android Simplelocker and ‘Oleg Pliss’, besides the OSes that are targeted, is that Android Simplelocker has a fix, and you can make it yourself!

At the University of Sussex, an undergraduate student named Simon Bell found this Trojan, and was able to dissect its code to find some good and interesting results. First, he was able to create and compile a fix for this nasty little bit of malware. How was he able to do this? The program’s code contained the decryption method, as well as the decryption key itself. Way to go, hacker. Smart move there. But regardless, Bell created a Java file that, when run, would decrypt your files for you. Bell, on his blog, wrote about how to dissect the code and make yourself an antidote to remedy your device(s) when affected. He wrote that the process is simple, because the two parts needed to do the job are both included, and that creating a fix is a cut-and-paste type of job. His thoughts on the subject are concerning, though.
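The weakness described above, a key and a decryption routine both shipped inside the app, is something an analyst can check for in decompiled source. The following is an added example, not code from Bell's blog or from the malware: a small Python triage script that flags `SecretKeySpec` keys traceable to a string literal. The Java sample, its key string and the function name `triage` are constructed for illustration.

```python
import re

# Constructed decompiled-style Java for illustration; not the real sample.
SAMPLE = '''
public class FileCrypter {
    private static final String PASS = "CONSTRUCTED-KEY-0001";
    private final Cipher cipher;
    private final SecretKeySpec spec;
    public FileCrypter() throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(PASS.getBytes("UTF-8"));
        byte[] raw = md.digest();
        this.spec = new SecretKeySpec(raw, "AES");
        this.cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
    }
    void lock() throws Exception { cipher.init(Cipher.ENCRYPT_MODE, spec); }
    void unlock() throws Exception { cipher.init(Cipher.DECRYPT_MODE, spec); }
}
'''

STR_DECL = re.compile(r'\bString\s+(\w+)\s*=\s*"([^"]*)"\s*;')
INLINE = re.compile(r'"([^"]+)"\.(?:getBytes|toCharArray)\(')
UPDATE = re.compile(r'\b(\w+)\.update\(([^;]*)\)\s*;')
ASSIGN = re.compile(r'(\w+)\s*=(?!=)\s*([^;]+);')
KEYSPEC = re.compile(r'new\s+SecretKeySpec\(\s*([^,]+),')

def triage(java_source):
    """Flag SecretKeySpec keys that trace back to a string literal in the code."""
    taint, keys = {}, []              # variable name -> literal it derives from
    def origin(expr):
        m = INLINE.search(expr)       # "literal".getBytes() used directly
        if m:
            return m.group(1)
        bare = re.sub(r'"[^"]*"', '""', expr)   # ignore words inside strings
        return next((taint[w] for w in re.findall(r'\w+', bare) if w in taint), None)
    for no, line in enumerate(java_source.splitlines(), 1):
        m = STR_DECL.search(line)
        if m:                         # seed: a String constant
            taint[m.group(1)] = m.group(2)
            continue
        m = KEYSPEC.search(line)
        if m and origin(m.group(1)):  # sink: key bytes come from a literal
            keys.append((no, origin(m.group(1))))
        for rx in (UPDATE, ASSIGN):   # propagate through digests and copies
            m = rx.search(line)
            if m and origin(m.group(2)):
                taint[m.group(1)] = origin(m.group(2))
    return {"hardcoded_keys": keys, "ships_decrypt": "DECRYPT_MODE" in java_source}
```

This is a line-by-line heuristic, so it only follows straight-line code where a value is defined before it is used; a finding means the files are likely recoverable offline from the sample alone.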

Bell, our hero if affected and a person to thank regardless, also believes that when or if Simplelocker gets refined and built into a full-assault, full-force digital attack weapon, the code will doubtlessly be harder to crack and solve, mainly because the decrypt key will not be included. The Simplelocker malware hasn’t been seen in any apps from Google’s Play Store, or any other app store (this is an ‘as of yet’ kind of statement). Also, it seems likely, due to the inclusion of a key and the smaller scale of the attack, that the Simplelocker program is just a proof-of-concept program, or is in the proof-of-concept stage of development. Keep your eyes peeled, your data backed up off-device (cloud and desktop backups are useful), and your browsing vigilant, on the watch for future movement of Simplelocker for Android.