SIMonline


Android ransomware, blackmail through Reddit and SMS

A new type of ransomware is spreading among Android users through online forums and SMS messages.
Researchers warn of a new Android ransomware distributed via links on online forums and in SMS messages. The malicious links advertise a sex simulation game, but actually lead to ransomware that encrypts the victims' files.




To avoid such SMS attacks, use temporary phone numbers and never give your personal number on suspicious sites.

The Android ransomware, dubbed Android/Filecoder.C, has been active since at least July 12, when researchers discovered it through two domain links. These links were distributed mainly on online forums, including on Reddit in posts that were related to each other, and on the Android developer forum “XDA Developers” in sections related to technical topics.

“Using the victim’s contact lists, it spreads further via SMS with malicious links. Due to narrow targeting and campaign flaws, the impact of this new ransomware is limited,” said Lukas Stefanko of ESET in the analysis of the ransomware. “However, if operators start focusing on wider user groups, the Android/Filecoder.C ransomware could be a serious threat.”

In addition to online forums, researchers have discovered that malicious links are distributed via SMS. After the victim is infected, the ransomware also sends malicious domain links via SMS to the victim’s contact list. These SMS messages add a degree of urgency and personalization to entice contacts into opening them: they include the contact's name in the message and tell the contact that their photos are used in the sex simulation game.

“These reports include links to ransomware; in order to increase the interest of potential victims, the link is presented as a link to an application that allegedly uses photographs of potential victims,” Stefanko said.

Targets receive a link to a malicious application, which the victims must install manually. Once launched, the application displays whatever was promised in the posts that distribute it, most often an online simulator.

But behind the scenes, the ransomware activates, starts command-and-control communications, sends malicious messages to the victim's contacts, and implements an encryption and decryption mechanism.

The ransomware encrypts various types of files, including DOC, PPT, JPEG and others. However, it leaves a file unencrypted if the file extension is .zip or .rar and the file size exceeds 51,200 KB / 50 MB. In addition, JPEG, JPG, and PNG files with a file size of less than 150 KB are also not encrypted.
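For responders scoping damage from a storage listing, the exemption rules above can be applied to a file inventory to separate files expected to be intact from files that need checking against a backup. This is an added example, not code from the ESET analysis or from the malware; the function names and the sample inventory are hypothetical, "KB" is assumed to mean 1024 bytes, and because the article lists only some of the targeted file types, every non-exempt file is simply flagged for verification.

```python
from pathlib import PurePosixPath

KB = 1024  # assumption: the article's "KB" is 1024 bytes (51,200 KB = 50 MB)
ARCHIVE_EXTS = {".zip", ".rar"}
IMAGE_EXTS = {".jpeg", ".jpg", ".png"}
ARCHIVE_SKIP_ABOVE = 51_200 * KB  # archives larger than this are left alone
IMAGE_SKIP_BELOW = 150 * KB       # images smaller than this are left alone


def exemption(path: str, size_bytes: int):
    """Return the name of the exemption rule that applies to a file, or None."""
    ext = PurePosixPath(path).suffix.lower()
    if ext in ARCHIVE_EXTS and size_bytes > ARCHIVE_SKIP_ABOVE:
        return "large-archive"
    if ext in IMAGE_EXTS and size_bytes < IMAGE_SKIP_BELOW:
        return "small-image"
    return None


def triage(inventory):
    """Split (path, size) pairs into files expected intact and files to verify."""
    report = {"expected_intact": [], "verify": []}
    for path, size in inventory:
        rule = exemption(path, size)
        if rule:
            report["expected_intact"].append((path, rule))
        else:
            report["verify"].append(path)
    return report


# Constructed sample inventory: (path, size in bytes).
SAMPLE = [
    ("/sdcard/DCIM/IMG_0001.JPG", 2_400_000),
    ("/sdcard/Pictures/thumb.png", 40 * KB),
    ("/sdcard/Download/backup.zip", 60_000 * KB),
    ("/sdcard/Download/small.rar", 51_200 * KB),  # exactly at the limit: not exempt
    ("/sdcard/Documents/report.doc", 88_000),
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    for path, rule in result["expected_intact"]:
        print(f"expected intact ({rule}): {path}")
    for path in result["verify"]:
        print(f"verify against backup: {path}")
```
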

After encrypting the victim’s files, the ransomware displays a ransom note in the application demanding payment in bitcoins. The note warns that data will be lost after 72 hours, and that the files cannot be decrypted if the application is deleted.

“It is true that if the victim uninstalls the application, the ransomware will not be able to decrypt the files, as indicated in the ransom note,” the researchers said. “In addition, according to our analysis, there is nothing in the ransomware code to support the claim that the affected data will be lost after 72 hours.”

Although researchers do not say how many users were infected, Stefanko said that one such bit.ly link distributed on Reddit had reached 59 clicks from different sources and countries.

Researchers have urged Android users to avoid such attacks by updating devices and keeping track of application downloads on Google Play. Android devices face many threats: a new generation of Android malware, called Agent Smith, has infected 25 million mobile phones, replacing legitimate apps with doppelgangers that display fraudulent ads, researchers say. Researchers have also discovered a remote access Trojan for Android called Monokle, which uses the latest technology to exfiltrate data.


SIMonline © 2020

All rights reserved