Android/Simplocker [Threat Name] go to Threat

Android/Simplocker.A [Threat Variant Name]

Available cleaner [Download Simplocker Decryptor ]

Category trojan
Size 4917678 B
Detection created Jun 01, 2014
Signature database version 675
Signature Android db version 1675
Aliases Android.Locker.2.origin (Dr.Web)
Short description

Android/Simplocker.A is a trojan that encrypts files on local drives. The trojan collects various sensitive information. The trojan attempts to send gathered information to a remote machine.

Installation

The trojan must be downloaded and manually installed.

Information stealing

Android/Simplocker.A is a trojan that steals sensitive information.


The trojan collects the following information:

  • IMEI number
  • device model
  • manufacturer of the product/hardware
  • operating system version

The trojan attempts to send gathered information to a remote machine.

Other information

Android/Simplocker.A is a trojan that encrypts files on local drives.


The trojan displays the following message:

The trojan searches for files with the following file extensions:

  • *.jpeg
  • *.jpg
  • *.png
  • *.bmp
  • *.gif
  • *.pdf
  • *.doc
  • *.docx
  • *.txt
  • *.avi
  • *.kmv
  • *.3gp
  • *.mp4

The trojan encrypts the file content. The AES encryption algorithm is used.


The extension of the encrypted files is changed to:

  • .enc

To decrypt files, the user is asked to send information/certain amount of money via the MoneXy payment service.


The trojan acquires data and commands from a remote computer or the Internet.


It communicates via the TOR anonymity network. The HTTP, HTTPS protocol is used. The trojan contains a list of (4) URLs.

Please enable Javascript to ensure correct displaying of this content and refresh this page.