ESET researchers have discovered a new Android ransomware strain called Android/Filecoder.C. The strain was distributed in adult content-related topics on Reddit and on the “XDA developers” forum under the guise of a “sex simulator” app. Clicking the link downloads the ransomware. It then uses the victim's contact list to further distribute the infected link via SMS messages that claim the victim saw their contacts' photos on the scandalous sex simulator site. Lukáš Štefanko, the lead ESET researcher on this strain, stated that the ransomware campaign has versions of the message template in 42 languages to maximize its reach.
Once completed, a ransom note is displayed demanding $100 in Bitcoin to recover data. It states the data will be erased if demands are not met within 72 hours. Štefanko has said, however, that there is no indication the 72-hour window is legitimate. He further stated that the ransomware itself is “flawed,” with poorly implemented encryption, and that most files can be recovered without help from the hacker.
Android users are reminded to download apps only from the Google Play Store and never from sketchy links. KnowBe4 has a fantastic infographic, located here, that shows users what to look for.