Android/Simplocker [Threat Name] go to Threat
Android/Simplocker.I [Threat Variant Name]
Available cleaner [Download Simplocker Decryptor ]
| Category | trojan |
| Size | 488400 B |
| Detection Android db version | 1806 |
| Aliases | HEUR:Trojan-Ransom.AndroidOS.Pletor.a (Kaspersky) |
| Android.Locker.2.origin (Dr.Web) |
Short description
Android/Simplocker.I is a trojan that encrypts files on local drives. The trojan collects various sensitive information. The trojan attempts to send gathered information to a remote machine.
Installation
The trojan must be downloaded and manually installed.
The trojan disguises itself as the Video Player application.
Information stealing
Android/Simplocker.I is a trojan that steals sensitive information.
The trojan collects the following information:
- IMEI number
- the list of installed software
The trojan attempts to send gathered information to a remote machine.
Other information
Android/Simplocker.I is a trojan that encrypts files on local drives.
The trojan displays the following message:
The trojan searches for files with the following file extensions:
- *.jpeg
- *.jpg
- *.png
- *.bmp
- *.gif
- *.doc
- *.docx
- *.txt
- *.avi
- *.kmv
- *.3gp
- *.mp4
- *.zip
- *.7z
- *.rar
The trojan encrypts the file content. The AES encryption algorithm is used.
The extension of the encrypted files is changed to:
- .encoded
To decrypt files, the user is asked to send information/certain amount of money via the MoneyPak payment service.
The trojan acquires data and commands from a remote computer or the Internet.
The trojan contains a URL address. The HTTP protocol is used.
It may perform the following actions:
- capture webcam video/voice