New Android Ransomware Spreading Through SMS


A new Android ransomware has been found infecting mobile users.

It was discovered by ESET Mobile Security researchers, who named the new mobile ransomware family Android/Filecoder.C.

The malware is spreading through online forums and it has been active since 12 July 2019. Using victims’ contact lists, it spreads further via SMS with malicious links.

According to a report by Lukas Stefanko, Malware Researcher at ESET, the researchers found several related posts on Reddit and the XDA Developers forum. The posts on the XDA Developers forum were removed swiftly; the malicious Reddit profile was still up at the time of publication.

How Is It Spreading?

Android/Filecoder.C spreads via SMS messages with malicious links, which are sent to all contacts in the victim’s contact list.

After the ransomware sends out this batch of malicious SMSes, it encrypts most user files on the device and requests a ransom.

The cyber criminals send a lure message like the following.

"Hello, How can they put your photos in this app, I think i need to tell you, https://maliciouslink[.]xyz/file.apk"

The above message exists in 42 language versions. Before sending the messages, the malware chooses the version that fits the language setting of the victim's mobile device.

How Does It Function?

When the victim receives the SMS message with the link, they need to install the app manually. After installation, the victim's phone starts encrypting files.

The malware's main purposes are C&C communication, spreading malicious messages and implementing the encryption/decryption mechanism.

It doesn’t encrypt files in directories that contain the strings “.cache”, “tmp”, or “temp”.

Once the files are encrypted, the file extension changes to “.seven”.

The ransomware also leaves files unencrypted if the file extension is “.zip” or “.rar” and the file size is over 51,200 KB/50 MB, or if they are “.jpeg”, “.jpg” or “.png” files with a file size less than 150 KB.
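
For incident response, the rules above can be turned into a quick triage of a file listing pulled from an affected device. The following Python sketch is an added example, not code from ESET's report or from the malware; the function names, the sample listing, case-insensitive matching and 1 KB = 1024 bytes are assumptions. Because the page only says "most user files" are encrypted, "at_risk" means nothing more than "not covered by a skip rule stated above".

```python
import posixpath

KB = 1024  # assumption: the article's "KB" means 1024 bytes
SKIP_DIR_STRINGS = (".cache", "tmp", "temp")   # directory strings the article lists
LARGE_ARCHIVE_EXTS = (".zip", ".rar")          # skipped when over 51,200 KB
SMALL_IMAGE_EXTS = (".jpeg", ".jpg", ".png")   # skipped when under 150 KB

def classify(path, size_bytes):
    """Return 'encrypted', 'spared' or 'at_risk' for one file on the device."""
    lower = path.lower()  # assumption: matching is case-insensitive
    directory, name = posixpath.split(lower)
    ext = posixpath.splitext(name)[1]
    if ext == ".seven":
        return "encrypted"          # already carries the ransomware's extension
    if any(s in directory for s in SKIP_DIR_STRINGS):
        return "spared"             # directory path contains a skipped string
    if ext in LARGE_ARCHIVE_EXTS and size_bytes > 51200 * KB:
        return "spared"             # large archive
    if ext in SMALL_IMAGE_EXTS and size_bytes < 150 * KB:
        return "spared"             # small image, e.g. a thumbnail
    return "at_risk"

def triage(listing):
    """Group (path, size_bytes) pairs by verdict."""
    report = {"encrypted": [], "spared": [], "at_risk": []}
    for path, size in listing:
        report[classify(path, size)].append(path)
    return report

# Constructed sample listing (not taken from a real device).
SAMPLE = [
    ("/sdcard/DCIM/Camera/IMG_0001.jpg.seven", 2_400_000),
    ("/sdcard/DCIM/.thumbnails/thumb1.jpg", 40 * KB),
    ("/sdcard/Download/backup.zip", 60_000 * KB),
    ("/sdcard/Download/notes.zip", 10 * KB),
    ("/sdcard/Android/data/app/.cache/blob.bin", 5000),
    ("/sdcard/Documents/report.pdf", 300 * KB),
    ("/sdcard/temp/scan.pdf", 300 * KB),
]

if __name__ == "__main__":
    for verdict, paths in triage(SAMPLE).items():
        print(f"{verdict}: {len(paths)}")
        for p in paths:
            print("   ", p)
```

Files reported as "spared" are the first place to look for intact data before the device is wiped or restored from backup.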

How Can We Protect Against Android Ransomware?

  • Always keep your devices up to date. Ideally, set them to patch and update automatically, so that you stay protected even if you’re not among the most security-savvy users.
  • Always download apps from the Google Play app store.
  • Do not install APK files from unknown stores or from any SMS or email attachment.
  • Before installing any app, check its user ratings and reviews.
  • Always use a mobile security solution to protect your device.
