
Android Users Beware! New Ransomware Spreads Via SMS

If you have been using an Android smartphone, then you might know that Android is definitely not the most secure mobile operating system. Every other day, we read news about hacking attempts targeted towards the Android OS.


Recently, security researchers discovered new ransomware that targets Android smartphones and spreads to other devices via SMS. Reports from the famous security firm ESET claim that the new ransomware, named Android/Filecoder.C, targets only Android devices. The ransomware has been found on various Android devices running Android version 5.1 and later, and has been active since July 12, 2019.

The security firm explained that the Android/Filecoder.C ransomware is being spread through malicious posts on popular online forums like Reddit, XDA Developers, Android developers, etc. XDA Developers removed the posts containing the malicious links, but the posts on Reddit were still up.

How Android/Filecoder.C Ransomware Works:-

The hackers attract victims by posting links and QR codes of malicious apps. These apps were mostly related to porn and technical topics. Once victims click the hyperlinks, they are taken to suspicious third-party app stores, where they download the adult apps or malicious files. If the user downloads these malicious files from the post link, the ransomware spreads via SMS messages containing the malicious links, which are sent to all contacts in the victim's contact list. In some cases, the link is masked using a bit.ly link. The security researchers have stated that the hackers behind this ransomware were using two servers to spread the malicious code to the victims.

Once the victim installs the app, the app delivers what it promises. However, it silently encrypts the files stored on the smartphone and gives them the extension ".seven". That prevents users from being able to access files on their own devices. Once the files are encrypted, the malicious code posts a note on the screen (below) warning the device owner to pay a ransom in bitcoins, which is usually between $94 and $188. Only after the ransom amount is paid would the code decrypt all the files on the device. If the users do not pay the ransom within 72 hours, all the files will be deleted.


As seen in the figure, the requested ransom is partially dynamic. The first part of the bitcoin amount to be requested is hardcoded (the value is 0.01), while the remaining six digits are the user ID generated by the malware.
ESET also revealed that the malware first sends the SMS message to the contact list and then starts encrypting the files. The ransomware will leave the file encrypted if it is more than 50 MB in size.

Now, you might be wondering how the attackers managed to attract victims. Well, they chose to post comments on popular forums. The ESET security firm said that "Mostly, the topics of the posts were porn-related; alternatively, I've seen also technical topics used as an attraction. In all comments or posts on a popular online forum, the attackers included links or QR codes pointing to the malicious apps."

To maximize its reach, the ransomware picks the language that fits the target device. For that, the ransomware has 42 language versions of the message template. Before sending the messages, it chooses the version that fits the victim device's language setting. To personalize these messages, the malware attaches the contact's name to them.
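
A triage sketch for the behaviour described above (an added example, not code from ESET or from this post): it lists files carrying the ".seven" suffix and flags any link sent to several contacts within a short window, grouping by URL because each message body is personalized with the contact's name. The file listing, SMS records, hostnames, thresholds and function names are constructed assumptions.

```python
import re
from collections import defaultdict

URL_RE = re.compile(r"https?://[^\s]+", re.IGNORECASE)
ENCRYPTED_SUFFIX = ".seven"  # extension named in the article

# Constructed sample data, not taken from a real device.
FILE_LISTING = """\
/sdcard/DCIM/IMG_0001.jpg.seven 2411724
/sdcard/Download/notes.txt.seven 512
/sdcard/Movies/holiday.mp4 73400320
"""
SENT_SMS = [  # (epoch seconds, recipient, body)
    (1563000000, "+15550101", "Anna, look at this http://short.example/x1"),
    (1563000002, "+15550102", "Ben, look at this http://short.example/x1"),
    (1563000004, "+15550103", "Cara, look at this http://short.example/x1"),
    (1563090000, "+15550101", "Running late, see you at 6"),
    (1563095000, "+15550104", "Menu is at http://cafe.example/menu"),
]

def find_encrypted(listing):
    """Return (original_path, size) for every file carrying the .seven suffix."""
    hits = []
    for line in listing.splitlines():
        path, _, size = line.rpartition(" ")
        if path.lower().endswith(ENCRYPTED_SUFFIX):
            hits.append((path[:-len(ENCRYPTED_SUFFIX)], int(size)))
    return hits

def sms_fanout(messages, window=300, min_recipients=3):
    """Flag URLs sent to many distinct recipients within `window` seconds."""
    # Group by URL, not by body: the bodies differ (each carries the
    # contact's name) while the link stays the same.
    by_url = defaultdict(list)
    for ts, recipient, body in messages:
        for url in URL_RE.findall(body):
            by_url[url.rstrip(".,)")].append((ts, recipient))
    flagged = {}
    for url, sends in by_url.items():
        sends.sort()
        for i, (start, _) in enumerate(sends):
            burst = {r for t, r in sends[i:] if t - start <= window}
            if len(burst) >= min_recipients:
                flagged[url] = sorted(burst)
                break
    return flagged

if __name__ == "__main__":
    print(find_encrypted(FILE_LISTING), sms_fanout(SENT_SMS))
```

Because the SMS messages go out before encryption starts, the fan-out check is the earlier of the two signals.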

How to protect your smartphone from Ransomware:-

To avoid being a ransomware victim, users can keep their devices up to date with the latest security updates. So, make sure you install the latest software.

Users are also advised to download apps only from the Google Play Store, because malware is most likely to be found on third-party websites.

While installing apps, users should check reviews and ratings of that app and also keep an eye on the permissions granted for apps. 

Another good practice is to install antivirus software on your mobile device, which offers 24x7 protection. Such tools are equipped to detect threats quickly whenever you unknowingly visit a malicious website.

Never open emails or SMS messages, or click URL links, sent by unknown senders. If you want to learn how to check whether a link is safe to click, click here.

I hope you find useful information in this article. If you have any questions related to Android/Filecoder.C ransomware, please mention them in the comments section and I will get back to you. Stay tuned to my blog to learn interesting things related to cybersecurity and hacking.
