Wontok SafeCentral Malware Bulletin
27 January 2017
Malware Family: Android.Slocker
Android.Slocker is newly identified ransomware that locks your Android device and demands a ransom fee for decrypting the files under its control. Infection has been known to occur from websites, via a Flash player update for a video file, and via spam emails containing links.
Wontok Lab Results
We observed that Wontok SafeCentral Mobile Security’s On-access and On-demand engines properly detect Android.Slocker.FE and remediate the malware, which prevents the ransomware from delivering its payload and infecting the device.
Android.Slocker ransomware was initially observed displaying a fake FBI warning stating that suspicious files had been found on the device; at the same time, the smartphone’s “home” and “back” buttons were disabled. Once encryption has occurred, the scammers demand that a $500-$1500 ransom be paid via Bitcoin, PayPal or other services in order for the AES decryption to occur.
This ransomware communicates through ‘The Onion Router’ (TOR) network with the ‘Command and Control’ (C&C) servers that issue its commands. It is able to collect sensitive information, such as the device’s IMEI (International Mobile Equipment Identity) number, and return that information to the C&C server.
Older versions of Slocker receive commands through SMS messages, with commands observed to originate from phone numbers traced to Ukraine and Russia.
About Wontok Lab
Wontok Lab is Wontok’s product test facility that consists of a team of security researchers in a controlled analysis and testing environment. Wontok Lab conducts rigorous tests specifically designed and tailored for each of Wontok’s security products.
About Wontok SafeCentral Security Solutions
Founded in 2005 and headquartered in Sydney, Wontok has operations in Australia, Asia and the United States. Wontok brings proven remote access and endpoint security solutions to market. Wontok designed the SafeCentral solutions to be effective against advanced malware threats on desktop and mobile devices. SafeCentral Security Solutions include SafeDesktop, Mobile Security, and Security Suite, all of which can be delivered via partner-owned platforms or via the Wontok ONE Cloud-based VAS service delivery platform.