Android Ransomware, SLocker’s Source Code Revealed Online

Last updated: August 9, 2023 Reading time: 3 minutes
Android Ransomware, SLocker’s Source Code Revealed Online

Android ransomware, SLocker’s source code, is revealed by a security researcher who has published it online and urged help to develop it further.

The researcher has said that he has attained the source code by reversing a ransomware sample for which he has used the pseudonym fs0c1ety. He has released the code on GitHub, mentioning that it’s not the original code and is for research only.

SLocker was the first Android ransomware that was spotted in 2015. Trend Micro analyzed the SLocker family earlier this month. They have said, “SLocker family is one of the oldest mobile lock screen and file-encrypting ransomware and used to impersonate law enforcement agencies convince victims to pay their ransom.”

However, they have also pointed out the identification of new ransomware in June.

This ransomware makes the device inaccessible and encrypts all the files by operating in the background. Trend Micro explains that the ransomware falsely presents itself as a game guide, video player, or similar app, making users more likely to download it.

According to the analysis, “When installing for the first time, its icon looks like a normal game guide or cheating tool. Once the ransomware runs, the app will change the icon and name, along with the wallpaper of the infected device.”

The analysis says that ransomware mainly focuses on downloaded files and pictures instead of encrypting system files and only encrypts the files which contain suffixes (text files, pictures, videos). ExecutorService (a way for Java to run asynchronous tasks) is used by the thread when it finds a file fulfilling all the requirements.

“The new task will use ‘gets’ to generate a cipher based on the previously generated random number. This method computes the MD5 of the random number and selects 16 characters as a string from the hexadecimal representation of the MD5.

“After the string is generated, the ransomware will feed it to SecretKeySpec to construct the final key for AES before using AES to encrypt files,” the analysis says.

How To Avoid It

  • Remain vigilant about the apps on your Android phone. For instance, there are some apps that you haven’t downloaded but are present on your phone. Therefore, turn off the option of “Allow installation of apps from sources other than the Play Store” from the setting.
  • Always avoid using public Wi-Fi as they are likely to exploit vulnerabilities in your device.
  • Turn off your Wi-Fi when it is not being used. Also, follow appropriate measures to secure your Wi-Fi connection.
  • Don’t ignore the App updates which are pending on your device. These updates are launched with security patches that could avoid most security threats.
  • Avoid opening emails from unknown or illegitimate sources.
  • Official-looking emails could also cause security vulnerabilities such as Phishing. Therefore, you must check URLs; if they are not visible in advance, you better not open those emails.
  • Never click on illegitimate or unnecessary links received in a text message or MMS.

Share this article

About the Author

Zehra Ali is a Tech Reporter and Journalist. She has done her Masters in Mass Communication. Topics related to cybersecurity, IoT, AI, Big Data and other privacy matters are extensively covered by her on various platforms. You can follow her on twitter.

More from Zehra Ali

Related Posts