The code of the SLocker Android malware, one of the most popular Android ransomware families, has been leaked online for free, allowing crooks to develop their own variant of the threat.
SLocker was first spotted in 2015, it is the first ransomware to encrypt Android files.
The SLocker code has been leaked on GitHub by a user who uses the online moniker “fs0c1ety,” the hacker is inviting everyone to contribute to the code and submit bug reports.
“The SLocker family is one of the oldest mobile lock screen and file-encrypting ransomware and used to impersonate law enforcement agencies to convince victims to pay their ransom.” states fs0c1ety.
“All contributions are welcome, from code to documentation to design suggestions to bug reports. Please use GitHub to its fullest– contribute Pull Requests, contribute tutorials or other wiki content– whatever you have to offer, we can use it!”
The SLocker, aka Simple Locker, is a mobile ransomware that locks victims’ mobile devices and requests the payment of a ransom to unlock them.
The malware impersonates law enforcement agencies to convince victims to pay the ransom, it infected thousands of Android devices in 2016.
According to the experts, more than 400 new variants of the SLocker ransomware were observed in the wild in May, while in May researchers at Trend Micro found a variant mimicking the WannaCry GUI .
“This particular SLocker variant is notable for being an Android file-encrypting ransomware, and the first mobile ransomware to capitalize on the success of the previous WannaCry outbreak.” reads the analysis published by Trend Micro.
“While this SLocker variant is notable for being able to encrypt files on mobile, it was quite short-lived. Shortly after details about the ransomware surfaced, decrypt tools were published. And before long, more variants were found. Five days after its initial detection, a suspect supposedly responsible for the ransomware was arrested by the Chinese police. Luckily, due to the limited transmission channels (it was spread mostly through forums like QQ groups and Bulletin Board Systems), the number of victims was very low.”
Once infected the mobile device, SLocker runs silently in the background and encrypts any kind of file on the smartphone, including images, documents, and videos.
The ransomware is also able to hijack the mobile device, making impossible for the owners to access the device.
The availability of the SLocker source code will likely increase the number of samples that will be detected in the wild in the incoming weeks.
(Security Affairs – (SLocker code, Android malware)