If you have an Android smartphone, you need to be careful about a new family of ransomware that has been discovered. According to security researchers, the newly-found Android ransomware goes deeper into the handset via SMS messaging. Dubbed Android/Filecoder.C, the ransomware has been distributed through a number of popular online forums like XDA Developers and Reddit. In most cases, the attackers try to lure victims into downloading adult content from suspicious links and this sets the pitch for the ransomware attack. The attackers then demand a ransom between $98 to $188.
The Android/Filecoder.C ransomware was spotted by security researchers at ESET and they found that it was being transmitted via malicious apps. The links of the malicious apps were found by the researchers on forum posts that were mostly related to pornographic content. Once the user installs any of these apps, the ransomware starts spreading via SMS messages to the victim’s contact list too. The messages that are sent to the victim’s contacts contain the links to ransomware. Each of these is shown as an app that uses the pictures of the recipient. It is believed that the ransomware has been active since July 12.
Furthermore, the ransomware has the same message template available in 42 languages. So, it automatically detects the language settings of the infected device and then uses the matching template. Once the recipient clicks on the link in the message, the malicious app gets installed on his device too.
A blog post that has been published by the researchers reads, “The ransomware has the ability to send text messages, due to having access to the user’s contact list. Before it encrypts files, it sends a message to each of the victim’s contacts.”
Once the message sending process is completed by the ransomware, it goes through the files that are saved in the accessible storage and encrypts most of them. It is also worth mentioning that the app that gets the ransomware also has the command-and-control (C2) settings and Bitcoin wallet addresses. In addition to this, the attackers make use of Pastebin as a conduit to retrieve the information from the source code.
While it has been claimed that the ransomware can encrypt different file types like texts and images, it is worth mentioning that Android extensions such as .apk and .dex and compresses files like .zip and .rar are not included in it.
To avoid being attacked with this ransomware, users are recommended to only install reliable apps, that too only via the Google Play Store. In addition to this, they should avoid clicking on any unknown links and update their devices regularly.
For the latest gadget and tech news, and gadget reviews, follow us on Twitter, Facebook and Instagram. For newest tech & gadget videos subscribe to our YouTube Channel. You can also stay up to date using the Gadget Bridge Android App.
