Android Ransomware, SLocker’s Source Code Revealed Online

Last updated: October 18, 2024

A security researcher has published the source code of the Android ransomware SLocker online and asked for help developing it further.

The researcher, who uses the pseudonym fs0c1ety, says he obtained the source code by reverse-engineering a ransomware sample. He has released the code on GitHub, noting that it is not the original code and is intended for research only.

SLocker and Trend Micro

SLocker was the first Android ransomware, spotted in 2015. Trend Micro analyzed the SLocker family earlier this month. They said, “SLocker family is one of the oldest mobile lock screens and file-encrypting ransomware and used to impersonate law enforcement agencies to convince victims to pay their ransom.”

They have also noted that a new ransomware was identified in June.

This ransomware makes the device inaccessible and encrypts all the files while operating in the background. Trend Micro explains that the ransomware disguises itself as a game guide, video player, or similar app, which makes users more likely to download it.

According to the analysis, “When installing for the first time, its icon looks like a normal game guide or cheating tool. Once the ransomware runs, the app will change the icon and name, along with the wallpaper of the infected device.”

The analysis says that the ransomware mainly targets downloaded files and pictures rather than encrypting system files, and only encrypts files with certain suffixes (text files, pictures, videos). When the thread finds a file that meets all the requirements, it hands the work to an ExecutorService (Java’s mechanism for running asynchronous tasks) as a new task.

“The new task will use ‘gets’ to generate a cipher based on the previously generated random number. This method computes the MD5 of the random number and selects 16 characters as a string from the hexadecimal representation of the MD5.

“After the string is generated, the ransomware will feed it to SecretKeySpec to construct the final key for AES before using AES to encrypt files,” the analysis says.
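As an added illustration (not code from the article, from Trend Micro, or from the GitHub repository mentioned above), the following Python reproduces the key-derivation step as the analysis describes it and shows why it matters to anyone analysing a sample: a key made of 16 hex characters has at most 64 bits of entropy, half of what an AES-128 key should carry, and never more than the random number behind it. Which 16 characters of the digest are selected, how the random number is serialised before hashing, and the function names are all assumptions.

```python
import hashlib

# Hypothetical reconstruction of the key-derivation step that the Trend Micro
# analysis describes: MD5 of a previously generated random number, then 16
# characters of the hex digest used as the AES key string. Which 16 characters
# the sample selects is not stated, so the offset below is an assumption.

HEX_ALPHABET = frozenset(b"0123456789abcdef")


def derive_key_as_described(random_number: int, offset: int = 0) -> bytes:
    """Return the 16 ASCII bytes that SecretKeySpec would turn into an AES-128 key."""
    if not 0 <= offset <= 16:
        raise ValueError("offset must leave 16 characters inside the 32-char digest")
    # Hashing the decimal string of the random number is an assumption; the
    # analysis only says the MD5 of the random number is computed.
    digest_hex = hashlib.md5(str(random_number).encode("ascii")).hexdigest()
    key_str = digest_hex[offset:offset + 16]
    return key_str.encode("ascii")


def looks_hex_derived(key: bytes) -> bool:
    """True when every key byte is a lowercase hex character: the fingerprint of
    a key built from a hex digest string rather than from raw random bytes."""
    return len(key) == 16 and all(b in HEX_ALPHABET for b in key)


def max_key_entropy_bits(key: bytes) -> float:
    """Upper bound on the entropy of the key. A byte drawn from the 16-symbol hex
    alphabet carries log2(16) = 4 bits; an arbitrary byte carries 8."""
    per_byte = 4.0 if looks_hex_derived(key) else 8.0
    return per_byte * len(key)


def effective_key_space_bits(random_number_bits: int) -> float:
    """The MD5/hex step cannot add entropy: the real key space is bounded both
    by the 64-bit ceiling of 16 hex characters and by the random number's own
    entropy (for example 32 bits if a Java int were used; an assumption)."""
    return float(min(64, random_number_bits))


if __name__ == "__main__":
    key = derive_key_as_described(12345)  # constructed sample random number
    print(key, looks_hex_derived(key), max_key_entropy_bits(key))
    print("effective bits with a 32-bit random number:", effective_key_space_bits(32))
```

The practical point for an analyst is the bound: whatever AES does afterwards, the key cannot be stronger than the random number it was derived from, and the hex-character alphabet halves the nominal 128-bit key size before that is even considered.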

How to avoid it

  • Remain vigilant about the apps on your Android phone. For instance, you may find apps on your phone that you did not install. To reduce that risk, turn off the option “Allow installation of apps from sources other than the Play Store” in the settings.
  • Avoid using public Wi-Fi, since it can be used to exploit vulnerabilities in your device. If you must use public Wi-Fi, make sure you connect through a VPN.
  • Turn off your Wi-Fi when it is not in use, and take appropriate measures to secure your own Wi-Fi connection.
  • Don’t ignore the app updates pending on your device. These updates ship with security patches that could prevent most security threats.
  • Avoid opening emails from unknown or illegitimate sources.
  • Official-looking emails can also be phishing attempts. Check the URLs they contain; if a URL cannot be inspected in advance, do not open it.
  • Never click on illegitimate or unnecessary links received in a text message or MMS.


About the Author

Zehra Ali is a Tech Reporter and Journalist. She holds a Master’s in Mass Communication. She covers cybersecurity, IoT, AI, Big Data and other privacy matters extensively on various platforms. You can follow her on Twitter.
