A new Android ransomware has been found infecting mobile users.
It was discovered by ESET Mobile Security researchers, who named the new mobile ransomware family Android/Filecoder.C.
The malware is spreading through online forums and it has been active since 12 July 2019. Using victims’ contact lists, it spreads further via SMS with malicious links.
According to a report by Lukas Stefanko, Malware Researcher at ESET, the researchers found several related posts on Reddit and the XDA Developers forum. The posts on the XDA Developers forum were removed swiftly; the malicious Reddit profile was still up at the time of publication.
How Is It Spreading?
Android/Filecoder.C spreads via SMS messages containing malicious links, which are sent to all contacts in the victim’s contact list.
After the ransomware sends out this batch of malicious SMSes, it encrypts most user files on the device and requests a ransom.
Cyber criminals send a lure message such as the following:
"Hello, How can they put your photos in this app, I think i need to tell you, https://maliciouslink[.]xyz/file.apk"
The above message exists in 42 language versions. Before sending the messages, the malware chooses the version that fits the language setting of the victim's mobile device.
How Does It Function?
When the victim receives the SMS message with the link, they need to install the app manually. After installation, the ransomware starts encrypting files on the victim's phone.
Its main purposes are C&C communication, spreading malicious messages, and implementing the encryption/decryption mechanism.
It doesn’t encrypt files in directories that contain the strings “.cache”, “tmp”, or “temp”.
Once files are encrypted, their file extension changes to “.seven”.
The ransomware also leaves files unencrypted if the file extension is “.zip” or “.rar” and the file size is over 51,200 KB/50 MB, and it leaves “.jpeg”, “.jpg” and “.png” files unencrypted if their file size is less than 150 KB.
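For incident triage, the skip rules above can be applied to a file inventory taken from an affected device to separate encrypted files from those the ransomware is expected to have left alone. This is an added example, not code from ESET or from the malware; the category names, the sample inventory, the 1 KB = 1024 bytes conversion, and the case-insensitive match against the directory path are assumptions.

```python
import posixpath

# Rules as stated in the article. Assumptions: 1 KB = 1024 bytes, matching is
# case-insensitive, and the strings are checked against the directory path.
SKIP_DIR_STRINGS = (".cache", "tmp", "temp")
ARCHIVE_EXTS = (".zip", ".rar")
IMAGE_EXTS = (".jpeg", ".jpg", ".png")
ARCHIVE_OVER_BYTES = 51_200 * 1024
IMAGE_UNDER_BYTES = 150 * 1024
ENCRYPTED_EXT = ".seven"


def classify(path, size_bytes):
    """Return a triage category (names are hypothetical) for one file."""
    directory, name = posixpath.split(path)
    ext = posixpath.splitext(name)[1].lower()
    if ext == ENCRYPTED_EXT:
        return "encrypted"
    if any(s in directory.lower() for s in SKIP_DIR_STRINGS):
        return "spared_directory"
    if ext in ARCHIVE_EXTS and size_bytes > ARCHIVE_OVER_BYTES:
        return "spared_large_archive"
    if ext in IMAGE_EXTS and size_bytes < IMAGE_UNDER_BYTES:
        return "spared_small_image"
    # Matches no skip rule yet is not ".seven": worth a closer look.
    return "unencrypted_other"


def triage(inventory):
    """Group (path, size_bytes) pairs by category."""
    report = {}
    for path, size in inventory:
        report.setdefault(classify(path, size), []).append(path)
    return report


# Constructed sample inventory (not from a real device).
SAMPLE = [
    ("/sdcard/DCIM/IMG_0001.jpg.seven", 2_400_000),
    ("/sdcard/Documents/report.docx.seven", 48_000),
    ("/sdcard/Android/data/app/.cache/thumb.png", 300_000),
    ("/sdcard/Download/backup.zip", 60_000 * 1024),
    ("/sdcard/Download/small.zip", 10 * 1024),
    ("/sdcard/Pictures/icon.png", 20 * 1024),
    ("/sdcard/Pictures/photo.jpg", 150 * 1024),  # exactly 150 KB: not "less than"
]

if __name__ == "__main__":
    for category, paths in triage(SAMPLE).items():
        print(f"{category}: {len(paths)}")
        for p in paths:
            print("   ", p)
```

Files that land in `unencrypted_other` match none of the article's skip rules yet carry no “.seven” extension, so they are the ones to examine first when judging how far encryption progressed.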
How Can We Protect Against Android Ransomware?
- Always keep your devices up to date; ideally, set them to patch and update automatically, so that you stay protected even if you’re not among the most security-savvy users.
- Always download apps from the Google Play app store.
- Do not install APK files from unknown stores or from any SMS or email attachment.
- Before installing any app, check its user ratings and reviews.
- Always use a mobile security solution to protect your device.