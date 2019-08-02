A new kind of ransomware targeting Android smartphones has been discovered, which further spreads to other mobiles via SMS or text messages. The Android/Filecoder.C ransomware was first detected by security firm ESET, who highlighted that the ransomware has been active since July 12, 2019.

Ransomware, for those who are not aware, will encrypt all files on a device and won’t let the user decrypt or access them until some sort of ransom is paid for the same. Usually ransomware is demanded in the form of bitcoin payment by creators of such software. In this case, the hackers want around $94 to $188 worth of bitcoins in ransom.

According to ESET, the ransomware was spotted on Reddit and XDA Developers forums. While XDA Developers swiftly removed links to this their portal, the ransomware posts on Reddit were still up. The ransomware was linked in the form of a sex simulator game on these forums and encouraged users to comment on these posts.

How does this ransomware for Android work?

The links on these posts contained malicious Android files for download. Once the victims downloaded the files on their Android phones, it would quickly access their SMS and send a malicious link to all their contacts and then encrypt the user files on the device. However, the user could still access and use their phone, and the ransomware does not lock them out of the device.

It also appears that after the files have been encrypted, decrypting them is not a simple task. ESET says the hardcoded key for encryption is an RSA-1024 public key, which can’t be easily broken, and it would appear that users will have to pay the attacker in order to access their files.

The malware has 42 language versions of the corrupt and malicious message, even though they are poorly translated and some language versions do not make any sense, according to Lukáš Štefanko, the ESET researcher who led the investigation. The only good news is that the spread of the Android ransomware campaign is currently small.

ESET suggests the Android users keep their devices up to date with the latest security patch and stick with apps which are available on Google Play in order to avoid malicious apps getting downloaded to their smartphone.