Ransomware that spreads through SMS has infected Android

A fresh type of ransomware has been found which targets Android smartphones and extends further to other mobiles by SMS. It was first identified by security company ESET which stressed that the ransomware was in operation since 12 July 2019.

According to ESET, Reddit and XDA Developer Forums have found ransomware. While XDA developers quickly removed connections to their portal, the Reddit ransomware messages are still available. In the form of a sex simulator game, Ransomware was connected to these forums and invited users to comment on these postings.

It is also said that the ransomware has 42 distinct language variants of the single message model that it chooses depending on the language environments of the device being infected.

What is Ransomware?

It will encrypt all files on a device.  And will not allow the user to decrypt or access them until some kind of ransom is paid for files that are encrypted. Usually, ransomware is asked by developers of such software in the form of bitcoin payment. The hackers want bitcoins in ransom worth approximately $94 to $188.

How the new Ransomware works?

The researchers also stated that the malicious app is installed once the link in the email sent is clicked. The app frequently shows a sex simulator while quietly spreading malicious emails and implementing background encryption or decryption.

“Because of access to the user’s contact list, the ransomware has the capacity to send text messages. Before encrypting documents, it sends a message to each contact of the victim,” the investigators said in the post.

Once the message sending phase is complete, it gets through the accessible storage files and then encrypts almost all of them. The ransomware-injecting app involves pre-coded command-and-control (C2) settings as well as Bitcoin wallet addresses used to process ransom. The attackers also use Pastebin as a gateway to recover the data from the source code dynamically.

It is reported that the ransomware encrypts different kinds of documents, which include general text files and images. It does not, however, catch typical Android extensions like.apk and.dex and compressed files basedon.zip and.rar formats. Instead of totally blocking device access, Filecoder. C encrypts particular information and shows the ransom note. It also generates a public and private key pair in which a RSA algorithm and a hardcoded value encrypts the private key. This allows the attacker to decrypt the private key remotely after the attacker gets the required ransom sum.

How to stay on the safer side?

Users are advised to download Google Play applications to prevent attack opportunities. Avoid hitting unidentified links and maintaining the phone up-to-date is also advisable.