The decompiled code for SLocker has been leaked publicly on GitHub. Given the history of this malware, the leak could have a domino effect. SLocker is one of the most popular Android ransomware families, and the leak gives people the chance to create their own version of the infection.
Malware developers have already produced multiple versions of the ransomware. Having the program's code broken down makes it that much easier to manufacture custom builds. Security analysts expect a wave of new SLocker versions to attack Android systems in the coming months.
The leak was published by a GitHub user who goes by the alias fs0c1ety. He posted the information and invited people to contribute to the code and submit bug reports.
“The SLocker family is one of the oldest mobile lock screen and file-encrypting ransomware and used to impersonate law enforcement agencies to convince victims to pay their ransom,” reads the original post by fs0c1ety.
“All contributions are welcome, from code to documentation to design suggestions to bug reports. Please use GitHub to its fullest- contribute Pull Requests, contribute tutorials or other wiki content- whatever you have to offer, we can use it!”
SLocker, a.k.a. Simple Locker, is one of the oldest mobile ransomware families. It is the first to encrypt files stored on Android devices. Its other capability is to lock the screen. SLocker was first spotted in 2015. It infected thousands of devices during 2016.
Multiple fraud artists have devised their own versions of the program. According to researchers, over 400 new versions of the program appeared in May of this year. Experts from Trend Micro have discovered a variant which mimics the WannaCry GUI.
“This particular SLocker variant is notable for being an Android file-encrypting ransomware, and the first mobile ransomware to capitalize on the success of the previous WannaCry outbreak,” reads Trend Micro’s analysis.
Upon penetrating an Android device, SLocker starts encrypting files through a background process. It targets images, videos, documents, apps, and all other data storage files.
The other function of the virus is to hijack the system, making it impossible for people to access their mobile phone.
Now that the program’s decompiled code has been leaked, malware experts are expecting an outbreak of new builds to hit Android mobile devices.