The source code for a piece of Android ransomware that imitates the look of WannaCry has leaked online. With the code for this “SLocker” family posted to the web, anyone can download it and spin up new variants indefinitely. The code also gives security researchers an easier way to build protections against it, but the cost of a fresh wave of variants far outweighs that benefit.
What is this SLocker?
The source code for one of the most notorious pieces of Android malware is now available for download on GitHub. It goes by the name SLocker and it has been extorting Android users for years. SLocker is a ransomware Trojan: it gets onto an Android device by one of several routes, typically as a fake or trojanized app installed from outside Google Play, then locks the user out of the phone’s contents until a ransom is paid in full.
“SLocker uses the AES encryption algorithm to encrypt all files on the device and demand ransom in return for their decryption key,” said a Check Point representative earlier this year. “SLocker uses Tor for its C&C communications.” Routing the command-and-control traffic over Tor makes it very hard to trace the servers, and the people, behind the malware.
What, me worry?
This malware’s use of encryption takes away the user’s access to their files, and its lock screen takes away control of the phone. Most Android ransomware is a plain screen locker; file-encrypting ransomware is far less common on mobile, and SLocker’s use of it is unusually comprehensive. Its capabilities are still expanding.
While just a few versions of SLocker made headlines last year, a new wave appeared just a few months ago, hundreds of iterations of it. Now that the source code is public, another batch is likely to appear in the near future.
In May, Wandera estimated that at least 400 SLocker variants were in distribution. According to Bitdefender’s Bogdan Botezatu, the spread of this particular malware is due largely to its psychological effect on victims, and to how well that effect works.
“Its rise to the top 10 was mostly because of the frustration factor. It’s a psychological thing when people can’t get information from their smartphone,” said Botezatu in his Bitdefender-hosted paper Android Ransomware and SMS-Sensing Trojans Remain a Growing Threat. “People were willing to pay the ransom. The mobile device is more personal than the personal computer.”
What’s this got to do with WannaCry?
In the spring and summer of 2017, SLocker variants began appearing that copy the WannaCry ransom screen. “After laying low for a few years, [SLocker] had a sudden resurgence last May,” said Ford Qin of Trend Micro. “This particular SLocker variant is notable for being an Android file-encrypting ransomware, and the first mobile ransomware to capitalize on the success of the previous WannaCry outbreak.”
What can I do to defend myself?
Several actions should be on your must-do list for your smartphone. The list below is aimed at Android, since that is where SLocker runs, but several items apply to iPhone, iPad and laptops too.
How to avoid Android malware (like SLocker):
• Do not use Wi-Fi hotspots with no password (we’re looking at you, McDonalds). Open Wi-Fi is not how SLocker spreads, but it lets anyone on the network tamper with unencrypted pages and downloads.
• Keep Wi-Fi turned off when you are away from home (unless your workplace runs a properly secured network, of course).
• Keep sideloading switched off. On Android 7 and earlier, turn off “Unknown sources” (allow installation of apps from sources other than the Play Store) in Settings – Security; on Android 8.0 and later the permission is granted per app under Settings – Apps – Special app access – Install unknown apps, so leave it denied for browsers, file managers and messaging apps. This is the single most important item on the list, because SLocker arrives as an app the user installs. Leave Google Play Protect enabled as well.
• Keep Android up to date with the latest software from Google, security updates especially: Settings – System – System update on recent versions, Settings – About phone – System updates on older ones.
• Do not open email attachments from unknown sources.
• Do not open an attachment unless you were expecting it from that sender; any email account can be hijacked, so a familiar name is not proof.
• Even “official-looking” emails can contain malicious links; if you can’t see where a link leads before tapping it, don’t tap it.
• Never tap links in SMS or MMS messages.
• See SlashGear’s most recent 5 (more) ways to avoid malware on Android
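As an added example (written for this page, not code from the article or from any of the vendors named in it): a small POSIX shell script that audits the two Android settings the list above turns on, using adb. It assumes USB debugging is enabled and adb is installed for the live check; the package listing it parses is a constructed sample, not output captured from a real device.

```shell
#!/bin/sh
# Added example, not from the article: audit an Android device for packages that did
# not come from Google Play, the route SLocker-style ransomware takes onto a phone.
# Assumes USB debugging is on and `adb` is on PATH for the live check (audit_device).

# Constructed sample of `adb shell pm list packages -3 -i` output (not a real capture).
SAMPLE_PM_OUTPUT='package:com.example.bank  installer=com.android.vending
package:com.example.freegame  installer=null
package:com.example.videoplayer  installer=com.android.packageinstaller
package:com.example.mail  installer=com.android.vending'

# flag_sideloaded: read `pm list packages -3 -i` output on stdin and print the name of
# every third-party package whose recorded installer is not the Play Store.
# installer=null means no installer was recorded (adb install, or a very old install);
# com.android.packageinstaller is the system dialog used when an APK is opened from a
# browser, file manager or chat app, i.e. a classic sideload.
flag_sideloaded() {
    tr -d '\r' | awk -F'[ =]+' '
        $1 ~ /^package:/ {
            pkg = substr($1, 9)            # strip the "package:" prefix
            inst = "null"
            for (i = 2; i < NF; i++) if ($i == "installer") inst = $(i + 1)
            if (inst != "com.android.vending") print pkg
        }'
}

# unknown_sources_status: map the value of the legacy "Unknown sources" setting
# (`adb shell settings get secure install_non_market_apps`) to a readable verdict.
# On Android 8.0 and later the global toggle is gone: the permission is per app under
# Settings - Apps - Special app access - Install unknown apps, and the setting reads "null".
unknown_sources_status() {
    case "$1" in
        1)       echo "ENABLED: sideloading allowed, turn it off" ;;
        0)       echo "disabled" ;;
        null|"") echo "not applicable on this Android version (per-app setting)" ;;
        *)       echo "unexpected value: $1" ;;
    esac
}

# audit_device: run both checks against the attached phone. Not called below, so the
# script also runs without a device.
audit_device() {
    echo "Unknown sources: $(unknown_sources_status "$(adb shell settings get secure install_non_market_apps | tr -d '\r')")"
    echo "Packages not installed from Google Play:"
    adb shell pm list packages -3 -i | flag_sideloaded
}

# Demo on the constructed sample.
echo "Packages not installed from Google Play (sample data):"
printf '%s\n' "$SAMPLE_PM_OUTPUT" | flag_sideloaded
```

Run `audit_device` with a phone attached to get the live result. Anything flagged that you do not remember installing is worth uninstalling, and on Android 8.0 and later the per-app "Install unknown apps" permission is what to inspect instead of the legacy toggle.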
If you’re already the victim of SLocker or similar ransomware, do not pay the ransom. Do not pay a ransom to any alert on your smartphone, and never call a number shown in an alert in your web browser; it is always a scam. Booting the phone into safe mode disables third-party apps, which usually lets you uninstall the offending one, and a factory reset followed by a restore from a clean backup is the fallback. If you’re unsure what you’re looking at, assume it is malware.