SLocker Android Ransomware

This identified over 400 new SLocker variants that featured small changes, which allowed them to pass undetected by most mobile security apps. With these new 400 variants, this brings the total number of SLocker variations to over 3,000. These variations include the usage of new icons, renamed source code functions, heavy obfuscation, and the insertion of dummy code inside the app to alter its structure.

The SLocker ransomware is one of the most aggressive Android ransomware strains known. The ransomware works just like other threats. After the user installs a tainted app, SLocker starts a hidden process that starts encrypting the user's files.

Once the encryption process ends, the ransomware locks the user's device and shows a ransom note, which tries to force victims into paying, using the theme of "The Police have caught you watching forbidden adult content."

Some of the features that made SLocker stand out was that it used Tor for the C&C server communications and that it was one of the very few Android ransomware families that actually encrypted data. Most Android ransomware just restricts access to your screen, but rarely encrypts any files.