A new Android ransomware strain was discovered by ESET researchers. It uses the victim's contact list to spread further using SMS messages that have malicious links.
The new strain, referred to as Android/Filecoder.C, was distributed on adult content-related topics on Reddit and for a short time via the “XDA developers” forum. The hacker behind the malicious code has been posting links to a "sex simulator" app, telling users to try it out. But in reality, the links will download the ransomware to the victim's phone.
Once the app is manually sideloaded, the ransomware will try to spread to other Android devices. It'll do this by going through the victim's contact list, and sending SMS messages to all the phone numbers it can find. Each message will contain a link to download the sex simulator app.
The ESET researcher who led the investigation, Lukáš Štefanko provided further insight into the ransomware campaign the company discovered, saying: "To maximize its reach, the ransomware has the 42 language versions of the message template," To trick unsuspecting victims, the SMS message will claim the contact's personal photos have been uploaded to the sex simulator app.
Once completed, a ransom note will be displayed over the screen, demanding the victim pay about $94 to $188 in Bitcoin to recover their data. If they don't, the encrypted data will be erased after 72 hours.
However, Stefanko said the newly-discovered ransomware strain has some flaws. "According to our analysis, there is nothing in the ransomware's code to support the claim that the affected data will be lost after 72 hours," he said in today's research note.
He continued with: "The ransomware itself is flawed – especially in terms of the encryption which is poorly implemented. Any encrypted files can be recovered without help from the attackers. However, if the developers fix the flaws and the distribution becomes more advanced, this new ransomware could become a serious threat.”
At the very least, remind your users to only download apps from the Google Play store and never sideload any apps from dodgy websites.
This infographic will show your users what to watch out for on mobile devices to prevent them from becoming the next victim. We recommend you print this out, full PDF here.