According to the ESET cybersecurity company’s new report, there is a new type of Android ransomware who uses SMS text messages for distribution. Malicious software appeared on July 12 and, in fact, uses to distribute lists of contacts of victims.
According to an ESET blog post, the malware is called Android / Filecoder.C. She first appeared on the Reddit Android developer forums, including the XDA Developers subreddit. In these forums, the virus was spread through pornographic messages.
Usually, the ransomware is disguised as online sex simulators, but sometimes it is also an application related to technology. After downloading, the infected .apk file initiates communication with the server to access the list of addresses, as well as to encrypt and decrypt files in the background. It then sends text messages and scans the device to encrypt files with the extension “.seven.” This prevents users from accessing files on their own device. Then, users are told that in order to decrypt their files, they must pay a ransom – usually from $ 94 to $ 188 in the form of bitcoins.
According to the report, the buyback report can be displayed in one of 42 languages, which maximizes its coverage. Malicious software can choose the language of the system so that the user can understand it. After the ransom, a key is sent to the victim so that he can decrypt the files.
Once the malware appears on the device, it can send text messages to phone contacts with a link to an application that obviously uses photos. Sometimes a link is masked with a bit.ly link.
It is important to note that if you do find a malicious program, you may not have to pay a ransom. According to ESET, although the ransom request message states that files will be deleted after 72 hours, this is not always the case. Moreover, encrypted files can be recovered without paying to intruders. On the other hand, if attackers correct the flaws, the malware can become more advanced and become a more serious threat.
So, how can you prevent the virus from entering the smartphone? Simply – do not download applications from third-party sources or click on links sent via text messages that tell you that your photos are used in the application.