Ransomware targeting Android may have been on a downward trend since 2017, but ESET researchers recently discovered a new family, Android/Filecoder.C, which uses victims' contact lists and tries to spread further via SMS messages containing malicious links.
This new ransomware spreads on Reddit through threads with pornographic content. ESET has reported the malicious profile used in the ransomware's distribution campaign, but it is still active. For a short time, the campaign also ran on "XDA Developers", a forum for Android developers.
According to ESET's report, the cybercriminals operating the ransomware have removed the malicious posts.
"The campaign we discovered is small and rather amateurish. However, if it improves its infection techniques, this new ransomware could become a serious threat," comments ESET researcher Lukáš Štefanko, head of the research.
Android/Filecoder.C uses interesting propagation mechanisms. Before file encryption begins, multiple text messages are sent to every address in the victim's contact list, prompting recipients to click a malicious link that points to the ransomware's installation file.
"In theory, infinite infections could result, especially since this malicious message is available in 42 languages (ed. note: including Greek, as you can see in the image above). Fortunately, even less suspicious users can tell that the messages are not translated correctly, and in some languages they do not seem to make sense," comments Lukáš Štefanko.
In addition to its non-traditional spreading mechanism, Android/Filecoder.C has some anomalies in its encryption. It excludes large files (over 50 MB) and small images (below 150 kB), and its list of "file types for encryption" contains many entries that are unrelated to Android while missing some extensions that are common on Android.
"Obviously, the list has been copied from the infamous WannaCry ransomware," notes Štefanko.
There are other interesting facts about the unorthodox approach used by the developers of this malware. Unlike typical Android ransomware, Android/Filecoder.C does not prevent the user from accessing the device by locking the screen. In addition, no specific amount has been set as the ransom.
Instead, the amount the attackers demand in return for the promise to decrypt the files is generated dynamically using the UserID that the ransomware has assigned to the specific victim. As a result, the ransom amount is unique each time, ranging from 0.01 to 0.02 BTC.
"The trick with the unique ransom is unprecedented: we have never seen it before in ransomware targeting the Android ecosystem," says Štefanko. "Rather, the goal is to identify payments per victim, which is usually solved by creating a unique Bitcoin wallet for each encrypted device. In this campaign, we detected that only one Bitcoin wallet was used."
According to Lukáš Štefanko, users with devices protected by ESET Mobile Security are not in danger from this threat. "They receive a notification about the malicious link. Even if they ignore the warning and download the app, the security solution will block it."
Browse safely: This discovery shows that ransomware is still a threat to Android mobile devices. To stay safe, users should follow basic security principles:
- Always keep your devices up to date, ideally setting them to update automatically.
- Prefer Google Play or other trusted app stores. They may not be completely free of malicious applications either, but you are more likely to avoid them there.
- Before installing any application, check its ratings and reviews, focusing on the negative ones, as they often come from genuine users, while positive feedback is often created by cybercriminals.
- Pay special attention to the permissions the application requests, and avoid installing it if they seem disproportionate to the application's functions.
- Use a reliable mobile security solution to protect your device.
For more information, read the relevant blog on We Live Security.