Android/Simplocker [Threat Name]

Android/Simplocker.I [Threat Variant Name]

Available cleaner [Download Simplocker Decryptor]

Category: trojan
Size: 488400 B
Detection created: Jul 14, 2014
Detection database version: 10093
Detection Android db version: 1806
Aliases: HEUR:Trojan-Ransom.AndroidOS.Pletor.a (Kaspersky), Android.Locker.2.origin (Dr.Web)

Short description

Android/Simplocker.I is a trojan that encrypts files on local drives. It also collects various sensitive information and attempts to send the gathered information to a remote machine.

Installation

The trojan must be downloaded and manually installed.


The trojan disguises itself as the Video Player application.

Information stealing

Android/Simplocker.I is a trojan that steals sensitive information.


The trojan collects the following information:

  • IMEI number
  • the list of installed software

The trojan attempts to send gathered information to a remote machine.

Other information

Android/Simplocker.I is a trojan that encrypts files on local drives.


The trojan displays the following message:

The trojan searches for files with the following file extensions:

  • *.jpeg
  • *.jpg
  • *.png
  • *.bmp
  • *.gif
  • *.pdf
  • *.doc
  • *.docx
  • *.txt
  • *.avi
  • *.kmv
  • *.3gp
  • *.mp4
  • *.zip
  • *.7z
  • *.rar

The trojan encrypts the file content. The AES encryption algorithm is used.


The extension of the encrypted files is changed to:

  • .encoded

To decrypt files, the user is asked to send information or a certain amount of money via the MoneyPak payment service.

The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a URL address. The HTTP protocol is used.


It may perform the following actions:

  • capture webcam video/voice
