A new ransomware attack uses sex as a lure, utilizes SMS to spread

According to new research from ESET, a Slovakian cybersecurity company, a new ransomware attack aimed at Android phones uses SMS to propagate.

ESET researchers recently found a new Android threat with a strange adult theme that could be enough to lure unsuspecting users into installing it.

The number of cases reported to date is limited, but you should still know what is happening and make sure that you are doing all you can to prevent the spread of this ransomware.

The ransomware, known as Android/Filecoder.C, first emerged on Reddit and forum threads via links and QR codes. It usually disguises itself as a sideloadable adult or "sex simulation" VR app. Currently, the infected APKs drop ransomware on your device and try to distribute it via SMS to the stored contacts of an affected user.

Android/Filecoder.C has been active since July 12. It spreads via SMS messages containing malicious links and uses victims' contact lists to spread further. The malware was spread on Reddit and the XDA-Developers Android forums through pornographic posts, the researchers pointed out.

The SMS messages advertised a link to an application that allegedly used photos of the victim, when it is in fact a malicious app that carries the ransomware. In some cases, attackers were found to mask domain names via URL shorteners such as bit.ly in an effort to conceal their real intentions.

The messages were also sent in one of 42 languages, chosen according to the language of the device, and were prefixed with the contact's name to add a personalized touch.

The app most often appears to be an online sex simulator game. In the background, however, it initiates contact with a C&C server, to access and encrypt and decrypt hard-coded addresses.

In its source code, the app includes hardcoded command-and-control (C2) settings as well as Bitcoin wallet addresses. However, Pastebin serves as a conduit for dynamic retrieval by the attackers.

Once the messages are sent, Filecoder scans the infected device to find all the files in storage and encrypts most of them. Filecoder encrypts file types including pictures and text files, but it skips Android-specific files such as .apk or .dex.

ESET thinks that the encryption list is no more than a copy-and-paste job from WannaCry, which is much more serious and prolific.

The malware does not lock the screen or stop the device from being used, but if the victim deletes the app, the documents are not decrypted on the ransom demand. The researchers say, however, that it is still feasible to restore the files free of charge because of the "deficient encryption".

Researchers say, however, that hard-coded files can be decrypted without paying the ransom by changing the encryption algorithm into a decryption algorithm; the only thing needed is the UserID that the ransomware provides to the victim.

Source: Lifehacker

Mary Deshazo

Mary is a food and mobile tech industry enthusiast. She sleeps with one eye open looking for industry updates and spends weekends fishing with her husband.
