
Android Ransomware, SLocker’s Source Code Revealed Online


The source code of the Android ransomware SLocker has been published online by a security researcher, who has also asked for help to develop it further.

The researcher, who uses the pseudonym fs0c1ety, has said that he obtained the source code by reversing a ransomware sample. He has released the code on GitHub, mentioning that it’s not the original code and is for research only.

SLocker was the first Android ransomware that was spotted in 2015. Trend Micro analyzed the SLocker family earlier this month. They said, “SLocker family is one of the oldest mobile lock screen and file-encrypting ransomware and used to impersonate law enforcement agencies to convince victims to pay their ransom.”

However, they also pointed out that new ransomware was identified in June.

This ransomware makes the device inaccessible and encrypts all the files by operating in the background. Trend Micro explains that the ransomware falsely presents itself as a game guide, video player, or similar app so that the users are more likely to download it.

According to the analysis, “When installing for the first time, its icon looks like a normal game guide or cheating tool. Once the ransomware runs, the app will change the icon and name, along with the wallpaper of the infected device.”

The analysis says that the ransomware mainly focuses on downloaded files and pictures instead of encrypting system files, and that it only encrypts files with certain suffixes (text files, pictures, videos). When the thread finds a file that fulfills all the requirements, it uses ExecutorService (a way for Java to run asynchronous tasks).

“The new task will use ‘getsss’ to generate a cipher based on the previously generated random number. This method computes the MD5 of the random number and selects 16 characters as a string from the hexadecimal representation of the MD5.

“After the string is generated, the ransomware will feed it to SecretKeySpec to construct the final key for AES before using AES to encrypt files,” the analysis says.
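
The derivation quoted above keeps only 16 hexadecimal characters, so the AES-128 key carries at most 64 bits of entropy, and never more than the random number itself. The Java example below is added here and is not code from Trend Micro, the researcher, or the sample; it shows how a responder could recover the number from one encrypted file whose header is known. Assumptions the page does not state: the number is hashed as a decimal string, the first 16 hex characters are kept, AES runs in ECB mode, and the number is below one million.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public class WeakKeyRecovery {
    // Derivation as described: MD5 of the number, 16 hex characters used as the key.
    // ASSUMPTION: decimal-string input and the first 16 characters of the hex digest.
    static byte[] deriveKey(long n) throws Exception {
        byte[] md5 = MessageDigest.getInstance("MD5")
                .digest(Long.toString(n).getBytes(StandardCharsets.UTF_8));
        String hex = String.format("%032x", new BigInteger(1, md5));
        return hex.substring(0, 16).getBytes(StandardCharsets.US_ASCII);
    }

    // Decrypt only the first 16-byte block. ASSUMPTION: ECB mode, so no IV is needed.
    static byte[] firstBlock(byte[] key, byte[] ct) throws Exception {
        Cipher c = Cipher.getInstance("AES/ECB/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"));
        return c.doFinal(ct, 0, 16);
    }

    // Enumerate candidate numbers until the decrypted block starts with the known
    // file magic. Returns -1 if no candidate below max matches.
    static long recover(byte[] ct, byte[] magic, long max) throws Exception {
        for (long n = 0; n < max; n++) {
            byte[] pt = firstBlock(deriveKey(n), ct);
            if (Arrays.equals(Arrays.copyOf(pt, magic.length), magic)) return n;
        }
        return -1;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: 32 bytes starting with a JPEG header, encrypted
        // under the key derived from the made-up number 424242.
        byte[] magic = {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF, (byte) 0xE0};
        byte[] plain = new byte[32];
        System.arraycopy(magic, 0, plain, 0, magic.length);
        Cipher enc = Cipher.getInstance("AES/ECB/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(deriveKey(424242L), "AES"));
        byte[] ct = enc.doFinal(plain);
        System.out.println("Key space upper bound: 16^16 = 2^64 instead of 2^128");
        System.out.println("Recovered number: " + recover(ct, magic, 1_000_000L));
    }
}
```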

How To Avoid It

  • Remain vigilant about the apps on your Android phone. For instance, there are some apps that you haven’t downloaded but that are present on your phone. Therefore, turn off the option “Allow installation of apps from sources other than the Play Store” in the settings.
  • Always avoid using public Wi-Fi, as it is likely to be used to exploit vulnerabilities in your device.
  • Turn off your Wi-Fi when it is not being used. Also, follow appropriate measures to secure your Wi-Fi connection.
  • Don’t ignore the app updates that are pending on your device. These updates ship with security patches that could prevent most security threats.
  • Avoid opening emails from unknown or illegitimate sources.
  • Official-looking emails can also pose a security risk, such as phishing. Therefore, you must check URLs, and if they are not visible in advance, then you had better not open those emails.
  • Never click on illegitimate or unnecessary links received in a text message or MMS.

Zehra Ali is a Tech Reporter and Journalist. She has done her Masters in Mass Communication. Topics related to cybersecurity, IoT, AI, Big Data and other privacy matters are extensively covered by her on various platforms. You can follow her on twitter.
