Report: Return of so-called ‘polymorphic’ malware uncovered through new machine learning techniques

SAN FRANCISCO, May 10, 2017, 9:00 ET – Wandera, the Enterprise Mobile Security provider, has detected the resurgence of a malicious strain of malware that many experts once thought was headed toward extinction.

Famous for infecting thousands of Android mobile devices in 2016, SLocker is malicious ransomware used to hold employees’ personal and corporate data hostage. The 2016 attacks were estimated to have resulted in tens of millions in corporate dollars being paid in ransom to recover confidential data being held by the hackers.

Wandera’s mobile threat intelligence engine MI:RIAM recently identified over 400 variations of the SLocker malware targeting mobile devices used in the enterprise through third-party app stores where rigorous security checks go by the wayside.

These ‘polymorphic’ new strains of SLocker malware have been redesigned and repackaged to avoid all known detection techniques. They use a wide variety of disguises including altered icons, variations in package names, unique resources and executable files in order to avoid being identified by a standard and static virus signature.

“Attacks against the mobile enterprise are becoming increasingly more sophisticated. In an effort to evade detection, attackers have created variations and permutations of their exploits, knowing that security tools struggle to identify each new version. As a result, defensive solutions must embrace data science and machine learning technologies in order to surface new insights and stay one step ahead of the attackers and zero-day threats,” said Michael Covington, VP of Product Strategy at Wandera.

This type of fast-changing threat can only be reliably identified by machine learning technology. While traditional security engines rely on signature-based detection, MI:RIAM identifies the digital DNA of malware and other threats. This enables her to quickly uncover previously unknown threats and new variations of malware by identifying patterns and common threads between the exploits.

The power of MI:RIAM comes from her unmatched visibility into mobile data – in 2016 the gateway scanned 26 billion mobile web requests including 700,000 unique apps and over 10 million web domains.

More about SLocker

  • SLocker is a type of ransomware that works by encrypting images, documents and videos on a mobile device and then demanding a ransom to decrypt the files.
  • The malware is executed and runs silently without the knowledge or consent of the user to ultimately hijack the phone and block user access completely.
  • The only way to take back full control of the mobile device is to pay the ransom demanded, or risk destruction or exposure of personal and corporate data.

For more information, please visit

Media Contact:

Liarna LaPorta