An Android ransomware that goes deep into the smartphone's system has been found, according to security researchers. Its twist is that it spreads through SMS text messages. The messages relate to a sex simulator game that uses the photos of the users. The ransomware, dubbed Android/Filecoder.C, is also distributed across a couple of online forums, including Reddit and XDA Developers.

According to reports, the attackers have been found offering their targeted victims adult-related content to download from suspicious links. These links are created for the ransomware attack, which demands a ransom ranging from approximately Rs 6000 to Rs 13000. Converted to USD, that ranges between $98 and $188.

Lukas Stefanko, a security researcher at cybersecurity company ESET, has revealed that a new family of Android malware is in the wild. This ransomware uses the victim's contact list to spread through text messages that carry a suspicious link. The malicious links have also been spotted in posts on various platforms, related to porn content.

The malicious apps have reportedly been active since the 12th of July. Once a victim installs one of them, it automatically starts sending SMS texts to the victim's contact list. As mentioned above, the text messages contain malicious links meant to arouse the recipient's curiosity, and all the links are advertised as applications. These apps mainly use photos of the receiver.

The ransomware's message template also comes in 42 languages, and it automatically selects the language according to the settings of the infected device. The experts have also stated that once the suspicious message has been sent and the recipient clicks it, the app gets installed instantly.

One of the researchers revealed in the post, “The ransomware has the ability to send text messages, due to having access to the user’s contact list. Before it encrypts files, it sends a message to each of the victim’s contacts.”

Once the ransomware finishes spreading messages, it goes through every file on the device and starts encrypting them. The app carries hardcoded command-and-control (C2) settings as well as a Bitcoin wallet, which are used in processing the ransom.

The ransomware is also known to encrypt numerous types of files, including text and images. However, it does not touch Android extensions such as .dex and .apk, or compressed files in .rar and .zip formats.

How does the ransomware operate?

As noted above, this ransomware has been active since the 12th of July and has been sharing malicious links on online forums such as XDA Developers and Reddit. It also spreads by sending suspicious text messages to the victim's contact list. It then goes through the victim's files, encrypts them and demands a ransom. One of the researchers further added, “It is possible to decrypt the affected files without any assistance from the attackers.” Not all of the victims will go on the web to search for information about this ransomware.

ESET also found that most of the suspicious links posted on Reddit were related to porn and appeared in comments on porn-based threads. The posts found by the researchers had one thing in common: they contained QR codes as well as links leading to the suspicious applications.

Using text messages as a distribution channel

As mentioned earlier, the text messages sent from an infected Android phone come in 42 languages. The app that arrives after clicking the link is the ransomware, presented as a sex simulator game. The system is designed around a command-and-control center that spreads the malicious links.

Need of the hour for the Android users

Jake Moore, a cybersecurity researcher at ESET, said, “We need to start realizing that attackers use any way they can to spread malicious software so we should not be too quick to act on a text message, especially from an unverified source.” He further added, “Think about how this contact would usually communicate with you and verify with them face to face or by phone before clicking away.”

Android users are recommended to download apps from the Google Play Store to avoid these risks. They are further advised not to click on unknown links and to stay up to date.