SLocker is a piece of Android malware that has been around since 2017. The threat attempts to operate like a ransomware threat, but, in reality, its functionality is limited severely. Users whose devices get infiltrated by the SLocker may see a message saying that their device's contents have been encrypted, and the only way to restore them is to pay a ransom fee for the decryption service. Thankfully, SLocker is not able to harm any of your data – however, it does cause a major inconvenience by making it impossible to access your home screen, therefore rendering your phone or tablet useless. Needless to say, this is a weighty problem since recovering from the SLocker's attack might require the use of special software that will allow the Android device to boot in safe mode, therefore preventing SLocker from launching.
An Old Android Ransomware Resurfaces with a Coronavirus-Themed Propagation Campaign
Although SLocker's activity has been low since its release relatively, it has picked up pace in the past two months by posing as a fake Coronavirus application hosted on the Google Play Store. The fake application, titled 'Koronavirus Haqida,' was found on the Google Play Store, so it is safe to assume that the attackers were able to bypass Google's security mechanisms. The application's title is in Uzbek, and it translates to 'About Coronavirus.' Once the threatening application is installed and opened, it may ask the user to provide it with various permissions – if the required conditions are met, the SLocker module will be initialized, and the users will be locked out of their devices.
The lock screen contains a message written in Uzbek – it says that the victims have 20 minutes to purchase the unlock code and enter it; otherwise, their devices may end up being damaged permanently. The message goes on by saying that the user can obtain an unlock code by calling +998 998 910 312. The good news is that the unlock code is the same as the phone number, except for the '+' sign – this means that this variant of SLocker can be unlocked by entering ' 998 998 910 312' as the unlock code. However, this will only stop SLocker from working, and it will still be installed on the device – it is recommended to complete its removal with the help of a suitable Android anti-malware application.
Many malware families became more active with the spread of the Coronavirus since their authors opted to take advantage of the popularity of the topic to spread their threatening applications. We advise you to be extra careful whenever you engage with online content related to the Coronavirus – cybercriminals use fake attachments, documents, downloads, and programs to deliver unsafe malware like SLocker.