Eset identify Android exploit to prove you were right to be paranoid about the Android

Following on from last week’s spate of iPhone hijackings, now it’s the turn of the Android mobile device to be the focus of attention. Eset Antivirus has announced the discovery of the Symplocker Trojan which, according to reports, encrypts the device’s SD card before demanding a ransom of £40, a bargain compared with the £400 being demanded by CryptoLocker. The victim is required to pay using the MoneXy eWallet service, unlike CryptoLocker, which demands payment in Bitcoin, still the currency of choice for the cyber criminal. Doubtless we will soon be seeing ads from the Russian uber cyber criminal, fugitive and current number one on the FBI’s most wanted list, Evgeniy Mikhailovich Bogachev, exclaiming from the cockpit of his luxury yacht “MoneXy eWallet, I never leave home without it”.

A future article will give an account of the rise of Bitcoin and its repercussions, good and bad.

The new malware appears to be a step up from last year’s Android ransomware, the fake AV Android Defender, although according to Robert Lipovsky, an Eset Antivirus researcher, the present form is likely a proof of concept rather than a full-blown attack on the Android community; thus far infections have been restricted to Eastern Europe.

When the ransomware is installed it displays the following message:

“WARNING your phone is locked! The device is locked for viewing and distribution child pornography, zoophilia and other perversions. To unlock you need to pay 260 UAH. 1. Locate the nearest payment kiosk. 2. Select MoneXy 3. Enter {REDACTED}. 4. Make deposit of 260 Hryvnia [about $22], and then press pay. Do not forget to take a receipt! After payment your device will be unlocked within 24 hours. In case of no PAYMENT YOU WILL LOSE ALL DATA ON your device!”

Symplocker looks for jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp and mp4 files to encrypt and hold hostage, and it’s not clear that the files are actually restored once a user pays the ransom. A post from the security company Sophos says that the malware can be removed manually by rebooting into safe mode, but the encrypted files will be gone forever. It might also be possible to recover the decryption key from within the malware itself, but that would be complicated.

The advice from your favourite Haywards Heath IT support company is that if you have an Android phone, make sure that you’re backing up your files and that you’re staying away from anything dubious, on Google Play or elsewhere. It is well to remember that malware can lurk anywhere.
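Since the practical defence against this kind of ransomware is a current backup of exactly the file types it targets, here is an added example (not code from the article, Eset or Sophos) that checks backup coverage for the extension list given above. It walks a device file tree, picks out files with the targeted extensions, and compares each against a backup tree by SHA-256, reporting which files are covered, which have a stale copy and which have no copy at all. The directory layout and file contents are constructed sample data built in a temporary directory, so it runs offline.

```python
import hashlib
import tempfile
from pathlib import Path

# File types the article says Symplocker encrypts (taken from the list above).
TARGETED_EXTENSIONS = {
    ".jpeg", ".jpg", ".png", ".bmp", ".gif", ".pdf", ".doc", ".docx",
    ".txt", ".avi", ".mkv", ".3gp", ".mp4",
}


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large media files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def at_risk_files(root: Path):
    """Yield every file under root whose extension is on the targeted list."""
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() in TARGETED_EXTENSIONS:
            yield path


def backup_coverage(device_root: Path, backup_root: Path) -> dict:
    """Compare at-risk files on the device against a backup tree.

    Returns a dict with three sorted lists of POSIX-style relative paths:
      'covered'  - present in the backup with an identical hash
      'stale'    - present in the backup but the content differs
      'missing'  - no copy in the backup at all
    """
    report = {"covered": [], "stale": [], "missing": []}
    for path in at_risk_files(device_root):
        rel = path.relative_to(device_root).as_posix()
        copy = backup_root / rel
        if not copy.is_file():
            report["missing"].append(rel)
        elif sha256_of(copy) != sha256_of(path):
            report["stale"].append(rel)
        else:
            report["covered"].append(rel)
    for key in report:
        report[key].sort()
    return report


def build_sample_trees(base: Path):
    """Constructed sample data: a fake device SD card and a partial backup of it."""
    device = base / "sdcard"
    backup = base / "backup"
    for sub in ("DCIM", "Documents"):
        (device / sub).mkdir(parents=True)
        (backup / sub).mkdir(parents=True)

    # Photo backed up correctly: identical bytes on both sides.
    (device / "DCIM" / "holiday.jpg").write_bytes(b"\xff\xd8jpeg-bytes")
    (backup / "DCIM" / "holiday.jpg").write_bytes(b"\xff\xd8jpeg-bytes")
    # Document edited since the last backup: a copy exists but is out of date.
    (device / "Documents" / "notes.txt").write_text("v2 of my notes")
    (backup / "Documents" / "notes.txt").write_text("v1 of my notes")
    # Video that was never backed up.
    (device / "DCIM" / "clip.mp4").write_bytes(b"mp4-bytes")
    # A file type not on the targeted list is ignored by the check.
    (device / "Documents" / "config.xml").write_text("<cfg/>")
    return device, backup


def run_demo() -> dict:
    """Build the sample trees in a temp dir and return the coverage report."""
    with tempfile.TemporaryDirectory() as tmp:
        device, backup = build_sample_trees(Path(tmp))
        return backup_coverage(device, backup)


if __name__ == "__main__":
    for status, files in run_demo().items():
        print(f"{status}: {files}")
```

Pointing `backup_coverage` at a mounted phone storage path and its backup location gives a quick answer to the question that matters once a device is hit: which of the targeted files would actually be lost. Hashing rather than comparing timestamps catches copies that were overwritten or truncated by a failed sync.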

Cyber criminals are increasingly looking to exploit the explosion of mobile devices, so we need to stay one step ahead, for instance by installing antivirus software such as Eset Mobile Security on our Android devices. The advent of bring your own device (BYOD) means that the security flaws in these devices are no longer just a problem for the owner of the device: businesses need to understand that by allowing these devices onto the network they are creating additional entry routes for potential threats. As such, businesses should actively be taking extra steps to protect themselves by stepping up security and gaining an understanding of the issues.

Tamite run regular IT Security seminars in the Haywards Heath, Sussex and Surrey areas, to provide our clients with a basic understanding of the issues Cybercrime presents and what we can do to protect ourselves.
