If you have been using an Android smartphone, then you might know that Android is definitely not the most secure mobile operating system. Every other day, we read news about hacking attempts targeted towards the Android OS.
Recently, security researchers discovered a new ransomware that targets Android smartphones and spreads to other devices via SMS. According to a report from the famous security firm ESET, the new ransomware, named Android/Filecoder.C, targets only Android devices. It has been found on various Android devices running Android version 5.1 and later, and has been active since July 12, 2019.
The security firm explained that the Android/Filecoder.C ransomware is being spread through malicious posts on popular online forums like Reddit, XDA Developers, Android developers, etc. Although XDA Developers removed the posts containing the malicious links, the posts on Reddit were still up.
How Android/Filecoder.C Ransomware Works:-
The hackers attract victims by posting links and QR codes that point to malicious apps. These apps were mostly related to porn and technical topics. Once victims click the hyperlinks, they are taken to suspicious third-party app stores, where they download the adult apps or malicious files. If the user downloads these malicious files from the post link, the ransomware spreads via SMS messages containing the malicious links, which are sent to all contacts in the victim's contact list. In some cases, the link is masked using a bit.ly link. The security researchers have stated that the hackers behind this ransomware were using two servers to spread the malicious code to the victims.
Once the victim installs the app, the app delivers what it promises. However, it silently encrypts the files stored on the smartphone and gives them the extension ".seven". That prevents users from accessing files on their own devices. Once the files are encrypted, the malicious code posts a note on the screen (below) warning the device owner to pay a ransom in bitcoins, which is usually between $94 and $188. Only after the ransom amount is paid would the code decrypt all the files on the device. If the users do not pay the ransom within 72 hours, all the files will be deleted.
As seen in the figure, the requested ransom is partially dynamic. The first part of what will be the amount of bitcoin to be requested is hardcoded – the value is 0.01 – while the remaining six digits are the user ID generated by the malware.
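An added triage example (not code from ESET or from the original post) that uses the two indicators described above: the ".seven" extension and the "0.01" plus six-digit ransom amount. It assumes the device storage has been copied to a local folder and that ".seven" is appended to the original file name; the sample tree and note text are constructed.

```python
import os
import re
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".seven"  # extension named in the article (assumed to be appended)
# Amount layout described above: hardcoded "0.01" followed by a six-digit user ID.
AMOUNT_RE = re.compile(r"(?<![\d.])0\.01(\d{6})(?!\d)")


def extract_user_id(note_text):
    """Return the six-digit ID embedded in the ransom amount, or None."""
    match = AMOUNT_RE.search(note_text)
    return match.group(1) if match else None


def scan_tree(root):
    """Summarise ".seven" files under `root` (storage copied off the device)."""
    root = Path(root)
    by_dir, by_type, originals = Counter(), Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(ENCRYPTED_SUFFIX):
                continue
            original = name[: -len(ENCRYPTED_SUFFIX)]  # name before the rename
            rel_dir = Path(dirpath).relative_to(root)
            originals.append((rel_dir / original).as_posix())
            by_dir[rel_dir.as_posix()] += 1
            by_type[Path(original).suffix.lower() or "(none)"] += 1
    return {"files": sorted(originals), "by_dir": dict(by_dir), "by_type": dict(by_type)}


def build_sample_tree(root):
    """Constructed sample layout; not taken from a real device."""
    names = ["DCIM/IMG_0001.jpg.seven", "DCIM/IMG_0002.jpg.seven",
             "Documents/tax.pdf.seven", "Download/app.apk", "Music/song.mp3"]
    for rel in names:
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"placeholder")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan_tree(tmp))
    # Constructed note text; the digits after 0.01 are a made-up ID.
    print(extract_user_id("Send 0.01482913 BTC within 72 hours"))
```

The per-directory and per-type counts show which backups need to be restored, and the extracted ID can be recorded with the incident report.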
ESET also revealed that the malware first sends the SMS message to the contact list and then starts encrypting the files. The ransomware will leave the file encrypted if it is more than 50 MB in size.
Now, you might be wondering how the attackers managed to attract victims. Well, they chose to post comments on popular forums. The ESET security firm said that "Mostly, the topics of the posts were porn-related; alternatively, I've seen also technical topics used as an attraction. In all comments or posts on a popular online forum, the attackers included links or QR codes pointing to the malicious apps."
To maximize its reach, the ransomware picks the language that fits the target device. For that, the ransomware has 42 language versions of the message template. Before sending the messages, it chooses the version that fits the victim device's language setting. To personalize these messages, the malware attaches the contact's name to them.
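The SMS behaviour described above (one link sent to every contact, each message personalised with the contact's name) shows up as the same URL going to many different recipients in a short time. The following is an added detection example, not code from ESET or the original post; it assumes outbound SMS have been exported as (timestamp, recipient, body) tuples, and the thresholds, phone numbers and URL are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def flag_sms_fanout(sent_log, min_recipients=5, window=timedelta(minutes=10)):
    """Map each URL to the largest number of distinct recipients it reached
    within `window`, keeping only URLs that reached at least `min_recipients`."""
    by_url = defaultdict(list)
    for ts, recipient, body in sent_log:
        for url in URL_RE.findall(body):
            # Group on the link, not the body: the greeting differs per contact.
            by_url[url.rstrip(".,)!")].append((datetime.fromisoformat(ts), recipient))
    flagged = {}
    for url, events in by_url.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            recipients = {r for _, r in events[start:end + 1]}
            if len(recipients) >= min_recipients:
                flagged[url] = max(flagged.get(url, 0), len(recipients))
    return flagged


# Constructed sample log: six personalised messages carrying one shortened link,
# plus one unrelated message.
SAMPLE_LOG = [
    (f"2019-07-20T10:00:{i:02d}", f"+1555000010{i}",
     f"{name}, look at this https://short.example/a1b2")
    for i, name in enumerate(["Ana", "Ben", "Cho", "Dev", "Eli", "Fay"])
] + [("2019-07-20T10:05:00", "+15550000200", "Running late, see you at 6")]

if __name__ == "__main__":
    print(flag_sms_fanout(SAMPLE_LOG))
```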
How to protect your smartphone from Ransomware:-
To avoid being a ransomware victim, users can keep their devices up to date with the latest security updates. So, make sure you install the latest software.
Users are also advised to download apps only from the Google Play Store, because malware is most likely to be found on third-party websites.
While installing apps, users should check reviews and ratings of that app and also keep an eye on the permissions granted for apps.
Another good practice is to install antivirus software on your mobile device, which offers 24x7 protection. Such apps are equipped to detect threats quickly whenever you unknowingly visit a malicious website.
Never open emails or SMS messages, or click URL links, sent from unknown senders. If you want to learn how to check whether a link is safe to click, click here.
I hope you find useful information in this article. If you have any questions related to Android/Filecoder.C ransomware, please mention them in the comments section and I will get back to you. Stay tuned to my blog to learn interesting things related to cybersecurity and hacking.