New Android Ransomware Spreads Via Reddit
August 1, 2019 Share

New Android Ransomware Spreads Via Reddit

Researchers are warning of a potentially serious Android ransomware threat that spreads via malicious links in SMS messages and posts in forums.

ESET malware researcher, Lukas Stefanko, explained in a blog post that Android/Filecoder.C has been active since at least July 12 — distributed via Reddit posts and an Android developers forum known as “XDA Developers.”

“Using victims’ contact lists, it spreads further via SMS with malicious links,” he continued.

“Due to narrow targeting and flaws in execution of the campaign, the impact of this new ransomware is limited. However, if the operators start targeting broader groups of users, the Android/Filecoder.C ransomware could become a serious threat.”

Once the malware sends itself out via malicious SMS links it will encrypt most files on the victim device and request a ransom. The texts that contacts of the victim receive try to socially engineer them into clicking by claiming that their photos have been found in an app.

Most of the malicious forum and Reddit posts discuss porn-related topics, although some are also tech-related. Links, sometimes shortened, or QR codes are used to point to the malware, explained Stefanko.

“To maximize its reach, the ransomware has the 42 language versions of the message template seen in Figure 5. Before sending the messages, it chooses the version that fits the victim device’s language setting. To personalize these messages, the malware prepends the contact’s name to them,” he continued.

“The malware contains hardcoded C&C and Bitcoin addresses in its source code. However, it can also dynamically retrieve them: they can be changed any time by the attacker, using the free Pastebin service.”

If users delete the ransomware app then their device will be encrypted for good, although there’s nothing to support the claim on the lock screen that affected data will be lost after 72 hours, ESET said.

The ransom itself is relatively small, around $94-$188.

The security vendor urged Android users to stick to the official Google Play store for app downloads, keep their devices up-to-date at all times, pay attention to permissions requested by apps and download AV to their handsets.

This post New Android Ransomware Spreads Via Reddit originally appeared on InfoSecurity Magazine.

Read More