Geek Dashboard Home
HomeNews

Don’t Fall Victim to this Android Ransomware that Pretends to be Adult Content

3 min read Leave a Comment

Ransomware isn’t new to the tech world. We covered about the earlier WannaCry attack here on GeekDashboard. It affected even government organizations by encrypting the files. The thing about Ransomware is they deny your access to the files and demands a ransom. No one is reported to have received their files back after paying the ransom.

The new one on the web goes by the name Filecoder.C. ESET researchers brought this in the daylight. Even though the number of affected cases is low, the mode of Operandi may attract thousands into installing the ransomware on their devices.

The New Android Ransomware Attempts to Spread to Victims’ Contacts

Image source: bleepingcomputer.com

The new threat to the Android users surfaced online first via Reddit via QR codes and HTML links. Dubbed as Android/Filecoder.C, the ransomware targets devices running on Android 5.1 or higher. The people who deliberately spread this online concealed it as adult content. For the same reason, careless ones fall prey to this trick.

Image source: welivesecurity.com

Once you sideload the infected APK on the device, it will spread itself via text messages to the contacts on your phone. When it is done spreading the threat, it will lock you out of all the files. You will never get to open any of them. It then demands you to pay a ransom of $90 to $100 to regain access. They claim to delete the files after 72 hours.

On dissecting the application, you can see the application uses the following permissions.

android.permission.SET_WALLPAPER
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.READ_CONTACTS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.SEND_SMS
android.permission.INTERNET

In order to boost the reach, the developers of the ransomware have included 42 languages for the message template. It chooses the language based on what you use on your phone.

The ransomware encrypts text files, images, and videos. However, for some reasons, .apk, .dex, .zip, and .rar files remain untouched. Both JPG and PNG images under 150KB also experience no harms. The files with size over 50 MB also seems like on the safe side. The encrypted files get an extension .seven and become inaccessible.

Image source: welivesecurity.com

ESET researchers found that due to narrow targeting and flaws in both execution of the campaign and implementation of its encryption, the impact of this new ransomware was limited.

If you want to protect yourself from ransomware, you shouldn’t open links sent by strangers. In case such a weird message comes from your acquaintances, contact them to confirm the source. In short, don’t try to open it before you ensure the credibility of the message.

Be the Change!

Spread the word and help us create better tech content

Facebook Twitter Reddit WhatsApp Pinterest
Avatar for Rahul Krishnan

Rahul Krishnan

Facebook Twitter

Rahul Krishnan, a wordsmith from Kerala, India is always in lookout for his next article idea. He is a fanatic reader. And, the rumour is that his mom has recently hidden his debit card so that he can't buy books anymore. She doesn't know he has a spare one.

Read all 509 articles from Rahul

Leave a Reply

The comments section is to assist our readers with any inquiries. Each comment undergoes rigorous moderation before it can be approved for publication.Your name and comment will be publicly visible. Your email address will not be published.Required fields are marked