Android users beware! Ransomware spreading through SMS

Google's Android mobile OS is the biggest mobile OS platform in the world, with a market share of more than 75%, and it's growing. However, new users are at risk of being hoodwinked into installing malware-ridden apps on their phones and end up losing money or, in rare cases, getting blackmailed by cybercriminals.

In the latest development, researchers at ESET Mobile Security have uncovered a ransomware family, Android/Filecoder.C, which is spreading fast by sending people messages with malicious hyperlinks; a user who clicks the URL is led to download the app. Once installed, it locks the device and asks for a ransom, threatening otherwise to delete all the content.

Modus Operandi of Android/Filecoder.C
It has come to light that cybercriminals are posting adult content with URL links to porn and coitus simulation Android apps on popular community sites such as Reddit and the XDA Developers forum to lure gullible readers.

Once victims click the hyperlinks, they are taken to shady third-party app stores, where they go ahead and download the adult apps. Once downloaded, the application scans through the victim's contact list and sends it to the Command & Control (C&C) server.

It then sends out SMS texts with similar shady URLs to the phone numbers pulled from the victim's phone.

In the second stage, the attacker, with remote access, encrypts files, be it documents or photos, in the phone's storage and posts a note on the screen (below) warning the user to pay a ransom in bitcoins or else all the files will be deleted and the phone will be rendered useless.


Ransom message displayed on victim's phone; picture credit: ESET Mobile Security

Even if the user deletes the malicious app, the affected files will get deleted permanently.

"Android/Filecoder.C has been active since at least July 12th, 2019. Within the campaign we discovered, Android/Filecoder.C has been distributed via malicious posts on Reddit and the “XDA Developers” forum, a forum for Android developers. We reported the malicious activity to XDA Developers and Reddit. The posts on the XDA Developers forum were removed swiftly; the malicious Reddit profile was still up at the time of publication," ESET researchers said.

Readers are advised to be wary of URL links from unknown senders.

In a related development, a fake FaceApp is fooling unsuspecting people into downloading it and infecting victims’ devices with an adware module called MobiDash.

Here's how to protect your phone from malware:

Whether you have an Android mobile or an iOS-based iPhone, always stay updated with the latest software. Both Google and Apple regularly send firmware updates, especially security patches, monthly or on a priority basis whenever they detect threats. So, make sure you install the latest software.

Another good practice is to install premium antivirus software on your mobile, which offers 24x7 protection. Such software is equipped to detect threats quickly whenever you unknowingly visit a shady website.

Never open emails or SMS messages from unknown senders, and never click the URL links they contain.

Also, never install apps from unfamiliar publishers. 

Always download apps from Google Play or Apple App store only. Never install from any third-party app store.
