Researchers report that they have identified new ransomware that spreads by sending malicious links via SMS.
Although ransomware distribution methods vary, the result is always the same: the victims’ data is taken hostage in order to collect a ransom, which is regularly requested in Bitcoin.
Usually, hackers deploy this kind of malware on computers, which is not the case with this new ransomware.
Some peculiarities of this virus that spreads by SMS
ESET’s cybersecurity researchers explain that they discovered a new virus that spreads via SMS by exploiting the victim’s contact list. It sends a message to a user and also to the contacts in his address book. The message displays many links that users are encouraged to click so that the ransomware is installed. Its distribution mechanism differs from the others because it sends SMS messages before starting to encrypt the victim’s data. The amount of the ransom requested is between 0.01 and 0.02 BTC.
Beyond this difference, the researchers also noted that the ransomware in question did not encrypt small 150 KB images and documents larger than 50 MB. Similarly, it does not block users’ access by locking their screens.
Called Android/Filecoder.C, the ransomware often appeared in pornography-related discussions on Reddit and was also seen on the XDA Developers forums. The moderators of the latter deleted the messages on this subject after being notified by ESET.
Lukas Stefanko, an ESET researcher working on malware protection, explains: “The campaign we discovered is small and rather amateurish. The ransomware itself is defective – especially with regard to encryption, which is poorly implemented. All encrypted files can be recovered without the help of attackers. However, if developers fix the flaws and distribution becomes more advanced, this new ransom software could become a severe threat.”
The researchers give some basic recommendations to avoid becoming a victim of such a virus: keep your devices updated, download only verified applications from the Play Store, and review the permissions an app requests before installing it.