There’s a new type of Android ransomware making the rounds that leverages SMS text messages to spread, according to a new report from cybersecurity company ESET. The ransomware has been active since July 12, and essentially uses victims’ contact lists to spread.
According to the ESET blog post, the malware is called Android/Filecoder.C, and was first distributed on Android developer forums on Reddit, including the XDA Developers subreddit. On these forums, the malware was distributed through pornographic posts.
Usually, the ransomware is disguised as an online sex simulator game, but sometimes it’s also a tech-related app. Once downloaded, the infected .APK file initiates contact with a server to access a list of addresses and to encrypt and decrypt files in the background. It then sends the text messages, and scans the device and encrypts files, which are given the extension “.seven.” That prevents users from being able to access files on their own device. Users are then told that to decrypt their files, they have to pay a ransom, usually between $94 and $188, in the form of Bitcoin. According to the report, the ransom message could be shown in one of 42 languages, maximizing its reach. The malware chooses the language that matches the system language, so the user can understand it. Once the ransom is paid, the private key is sent to the victim, and they can then decrypt the files.
Once the malware is on a device, it’s able to send text messages to contacts on the phone with a link to an app that supposedly uses the recipients’ photos; in reality, of course, the link leads to a malicious app. Sometimes, the link is masked using a bit.ly link.
It’s important to note that if you do find yourself with the malware, your files may not be lost, and you may not have to pay the ransom. According to ESET, while the ransom message says that files will be deleted in 72 hours, that isn’t always the case. Not only that, but encrypted files can be recovered without paying the attackers, though ESET is quick to note that if the attackers fix the flaws, the malware could become more advanced and a more serious threat.
So how can you prevent being attacked? Simple: don’t download any apps from third-party sources, and don’t click on links sent via text message that tell you your photos are being used in an app.