New ransomware spreads via SMS

(Image credit: Shutterstock)

While Android ransomware has been declining since 2017, ESET researchers have discovered a new ransomware family that uses victims' contact lists to spread further via SMS messages containing malicious links.

The new ransomware, referred to as Android/Filecoder.C, was distributed on adult content-related topics on Reddit and for a short time via the “XDA developers” forum.

The ESET researcher who led the investigation, Lukáš Štefanko provided further insight into the ransomware campaign the company discovered, saying:

“The campaign we discovered is small and rather amateurish. Also, the ransomware itself is flawed – especially in terms of the encryption which is poorly implemented. Any encrypted files can be recovered without help from the attackers. However, if the developers fix the flaws and the distribution becomes more advanced, this new ransomware could become a serious threat.” 

Android/Filecoder.C

Android/Filecoder.C gained the attention of ESET researchers because of its unique spreading mechanism. Before it starts encrypting files, the ransomware sends a batch of text messages to every address in a victim's contact list that contains a malicious link to ransomware installation file.

In addition to its non-traditional spreading mechanism, Android/Filecoder.C contains a few anomalies in its encryption. The ransomware excludes large archives (over 50 MB) and small images (under 150 KB). It list of “fileytpes to encrypt” also contains many entries unrelated to Android while also lacking some of the extensions typical for Android which Štefanko believes is a direct result of its list being copied from the notorious WannaCry ransomware.

Unlike typical Android ransomware, Android/Filecoder.C does not prevent users from accessing their devices by locking the screen. Additionally the ransom is not set as a hardcoded value and instead the amount requested by the attackers is created dynamically using the UserID assigned by the ransomware to the particular victim. This process results in a unique ransom amount for each victim, falling in the range of 0.01 to 0.02 BTC.

To prevent falling victim to ransomware, ESET recommends that you keep your devices up to date, only download apps from Google Play or other reputable app stores, check the ratings and reviews of apps before installation, pay close attention to the permissions requested by an app and use a mobile security solution to protect your device.

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Security
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Veeam urges users to patch security issues which could allow backup hacks
UK Prime Minister Sir Kier Starmer
The UK releases timeline for migration to post-quantum cryptography
Representational image depecting cybersecurity protection
Cisco smart licensing system sees critical security flaws exploited
Latest in News
Apple iPhone 16 Review
The latest iPhone 18 leak hints at a major chipset upgrade for all four models
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 24 (game #1155)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 24 (game #386)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 24 (game #652)
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 23 (game #1154)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 23 (game #385)