Skip to main content

Android Users Beware! New Ransomware Spreads Via SMS

If you have been using an Android smartphone, then you might know that Android is definitely not the most secure mobile operating system. Every other day, we read news about hacking attempts targeted towards the Android OS.

Android Users Beware! New Ransomware Spreads Via SMS

Recently, security researchers have discovered a new ransomware that's targeting Android smartphones. The new ransomware is spreading over to other devices via SMS. The reports from the famous security firm ESET claims that the new ransomware named Android/Filecoder.C targets only Android devices. The ransomware has been found on various Android devices running Android version 5.1 and later, and has been active since July 12, 2019.

The security firm explained that the Android/Filecoder.c ransomware is being spread through malicious posts on popular online forums like Reddit, XDA Developers, Android developers, etc. Although XDA developers removed the posts containing the malicious links but the posts on Reddit were still up there.

How Android/Filecoder.C Ransomware Works:-

The hackers would attract the victims by posting links and QR codes of malicious apps. These apps were mostly related to porn and technical topics. Once the victim clicks the hyperlinks, they are transferred to suspicious third-party app stores and they go ahead by downloading the adult apps or malicious files. If the user downloads these malicious files form the post link then the ransomware spreads via SMS containing the malicious links, which are sent to all contacts from the victim's contact list. In some cases, the link is masked using a link. The security researchers have stated that the hackers behind this ransomware were using two servers to spread the malicious codes to the victims.

Once the victim installs the app, the app delivers what it promises. However, it silently encrypts the files stored on the smartphone with the extension ".seven". That prevents users from being able to access files on their own devices. Once encrypted, the malicious code posts a note the screen (below) warning the device owner to pay a ransom in terms of bitcoins which is usually between $94 and $188. Only after the ransom amount is paid, the code would decrypt all the files on the device. If the users do not pay the ransom within 72 hours, all the files will be deleted.

Android Users Beware! New Ransomware Spreads Via SMS

As seen in the figure, the requested ransom is partially dynamic. The first part of what will be the amount of bitcoin to be requested is hardcoded  the value is 0.01 while the remaining six digits are the user ID generated by the malware.
ESET also revealed that the malware first sends the SMS message to the contact list and then starts encrypting the files. The ransomware will leave the file encrypted if it is more than 50 MB in size.

Now, you might be wondering how did the attackers manage to attract victims? Well, they choose to post comments on popular forums. The ESET security firm said that "Mostly, the topics of the posts were porn-related alternatively, I've seen also technical topics used as an attraction. In all comments or posts on a popular online forum, the attackers included links or QR codes pointing to the malicious apps."

To maximize its reach, the ransomware picks the language that fits the target device. For that, the ransomware has the 42 language versions of the message template. Before sending the messages, it chooses the version that fits the victim device's language setting. To personalize these messages, the malware attaches the contact's name to them.

How to protect your smartphone from Ransomware:-

To avoid being a ransomware victim, users can keep their devices up to date with the latest security updates. So, make sure you install the latest software.

Users are also advised to download apps only from the Google Play Store because malware can most-likely be only found on third-party websites.

While installing apps, users should check reviews and ratings of that app and also keep an eye on the permissions granted for apps. 

Another good practice is to install antivirus software on mobile, which offers 24x7 protection. They are equipped to detect threats quickly whenever you unknowingly visit a malicious website.

Never ever open emails or SMS and clicks URL links sent from unknown senders. If you want to learn about how to check if a link is safe to click or not then Click here.

I hope you find useful information in this article. If you have any questions related to Android/Filecoder.C ransomware then please mention in the comments section and I will get back to you and stay tuned with my blog to learn interesting things related to cybersecurity and hacking.


Popular posts from this blog

How To Check If a Link Is Safe To Click

Many times, we share links among our friends on social media platforms like WhatsApp, Facebook, Instagram or Twitter. But do we know how safe they are? What can happen if you click on any malicious link? We never think of the following things : Links can drop various harmful programs, viruses on your device Links can steal your personal data by dropping spyware or keyloggers Use your browser for crypto mining which will affect your device's performance Even if your device is secured with antivirus, not all of them warn you before clicking such malicious links . And the moment you click on these, they will become big trouble for you. This can sometimes even be dangerous with regard to data security and identity theft. So, Be careful about what you click on. These days one of the quickest growing security issues is ransomware , which is often spread by the user unintentionally clicking dangerous links in emails, social media platforms, messengers, and other tool

How To Enable WhatsApp Fingerprint Lock Feature on Android

WhatsApp has officially rolled out the fingerprint lock feature for all the Android users. Most of you may already have been doing it for the last few years with the help of third-party app lockers for adding more security. Keeping that in mind and to make the process quicker and safer at the same time, WhatsApp has now launched this new fingerprint lock feature so that you can open the app by your fingerprint. It means that regardless of whether the phone is opened, others won't have the option to gain access to the messages without your fingerprint. So, you can now secure your WhatsApp conversations with an extra layer of biometric security . With this step, WhatsApp is finally offering biometric authentication to the Android app, while iPhone users enjoying both the Touch ID that is the fingerprint recognition and Face ID that is the facial recognition since the month of February 2019. WhatsApp is also giving more options with the new fingerprint lock featur

TikTok Secretly Sent Users Private Data & PII Number to Chinese Server Including Draft Videos

The popular Android and iOS short-videos creating app, TikTok hit with a lawsuit claims that the app illegally and secretly transfers app's users' private sensitive data and Personally Identifiable Information (PII) to Chinese servers. TikTok which is a 15-second short-video creating app especially popular among the younger generation and also downloaded over 1.3 Billion times worldwide . TikTok remains top in the most downloaded app list for months on the Apple App Store and Google Play Store.  According to the lawsuit, Tiktok shared the user's created videos which include private acts and closeups of user's faces (biometric data) before the videos are saved on the app. TikTok provides many options includes the next button, close button, and button for effects to its users while recording the video. Here, the next button takes users to the screen that shows these two options : "post" and "save".  After clicking on the "next" button, Tik