Simplocker is a mobile trojan, one of the first of its kind, that targets Android mobile devices.
This malware scans the resident SD card for certain file types
(.jpeg, .jpg, .png, .bmp, .gif, .pdf, .doc, .docx, .txt, .avi, .mkv, .3gp, .mp4),
encrypts these files using AES, and then demands a ransom from the user in exchange for the decryption of these ransomed files.
The result is that, until this ransom is paid, users are unable to access their personal files (pictures, downloads, songs, etc.)
-
If the Trojan finds any of these files, it encrypts them and attaches the following extension to the files: .encoded
-
It then gives instructions on how the user can pay a ransom fee to unlock the device and decrypt the files.
-
The Trojan may also connect to the following remote location: 185.14.29.9/1/?1
-
The Trojan may also activate the device's camera and display an image of the user within the ransom note.