How Hackers are Spreading Android Ransomware via SMS to Your Contacts?Melissa Limaa
Do you an android user? If yes, then take moment and read this as the security researchers discovered a new type of ransomware, especially targeting android phones and it is spreading via SMS from one device to another. SMS is malicious code in actual.
Researchers of cybersecurity firm ESET published a blog post recently in which they revealed that a new ransomware named as android/filecoder.C that target Android devices specifically. This type of ransomware has been active since le 12 July 2019. Malicious hackers behind this Ransomware are trying to spread this ransomware to the masses via redid and via the XDA Developer forum. Meanwhile, the XDA Developers have removed the post containing malicious code but it is still up on the Redid Developer platform, it is noted by the researcher in a blog post.
Once a user downloads the Android/filercoder.C, a malicious file then this ransomware is further spread via infected SMS containing some malicious link to all contacts in the contact list of the victim.
Distribution of Android Ransomware:
The addition to the family of ransomware is spreading via two methods
- Via SMS
- Via XDA and Redid android developing forum
The threats actors post a comment contain the link of ransomware download on the Redid and XDA platform. To gain the attention of the victim towards the malicious file download the threat actor posted the porn-related or Technology-related or QR codes that are bounded with malicious apps. The attackers are experts in their work, they hide the URL by using URL shortening, a bit was posted on Redid that says that it has received 59 clicks from different countries where the link was posted on 11 July 2019.
The hackers plan the spreading of this ransomware very wisely and efficiently. If they are succeeded to attract one victim toward their malicious ransom code, they are successful in infecting a hundred other, How? Of the victim click the malicious link and download it, then it scans for the whole contact list of the victim and sends a Malicious SMS to all of them, and in this manner, the chain continues from one device to many.
Once the victim who received the SMS clicks the link, he needs to download an app then. After installation, it will display a message on the screen of the victim’s device “whatever is promised in posts distributing it, but its purpose is C&C communication, spreading malicious SMS and implementing the encryption or decryption mechanism,” read ESET report also.
42 languages, Bitcoin and C & C are encoded in the malicious app. Before starting the encryption process, a Malicious SMS is sent to all contacts of victims, then it gains access to the storage of the devices to start encryption. According to researchers, files can be recovered due to flawed encryption. Second thing is that in the ransomware code, it is mentioned nowhere that the encrypted data will be lost after 72 hours, indicating a high possibility of data recovery after infection.
The following type of files can be encrypted by this malicious code
- All types of document files including.
Doc, .docx, .xls, .ppt”,.pptx”, “.ost”, “.msg”,xlsx, .pst, jpeg”, “.jpg”,“.docm”,“.dot”, “.dotm”, “.dotx”, “.xlsm”, “.xlw”, “.xlt”, “.xlc”, “.xltx”, “.pptm”, “.pot”, “.ppsm”, “.ppsx”,.docb, .dotm, .xlsb, .xlm, .xltm, .pps, .
This ransomware does not lock the screen just like other ransomware because it is more advanced and also it does not encrypt following files and directories
- tmp”, or “temp
- zip or .rar over 50 MB
- .jpeg, jpg and png file less than 150 KB
Once the encryption process is completed, your files will begin to appear with an extension of .seven. at this point, Hecker won and you almost lost. Now the Hecker will demand ransom from you, he will say that pay him if you want to get your data back. But wait! You cannot be a surrender in front of ordinary hackers easily; According to ESET researchers, the files can be unlocked without paying the ransom. The technique used to unlock infected files is very simple, just change the encrypting algorithm into a decrypted algorithm, for this, you just need your User Id and the malicious apk file, encase the author has changed the hard code value, but so far we have seen the same values in android/file code.c file.
Another way to avoid this ransomware is to ensure the security of your data. If you become the victim of ransomware you don’t need to pay for unlocking your files if you have a backup of your data files. Once you have Plan B then you don’t need to be worried about the encryption techniques hackers have used to potentially damage your data and then ask for some ransom.
If you ensure the security of the data at your own then these ransomware attacks will not give you Goosebumps, it will be a valueless threat for you, whom you can easily neglect and delete those .seven extension files. You might be thinking about how to secure your data? Let me tell you the answer, by taking the help of phone surveillance software BlurSPY.
How to avoid ransomware?
Although ransomware is complex and advanced malicious software that uses a military level encryption algorithm to infect computer systems and networks, ranging from personal use computers to the large organization’s system. Ransomware has marked extortion to the world by spreading basic knowledge about how to avoid ransomware attacks. Here is the list of basic precautions against ransomware attacks:
Be careful while online:
The very basic and much-needed step to take against ransomware is to watch out your online activities, be more careful while browsing. Refrain from clicking unknown links and pop-ups adds as much as you can. Do not take the risk to click emails that are sent to your spam folder. Spread ransomware through spam emails is a very traditional method of ransomware hackers, so avoid opening emails that are sent to the spam box.
For this latest addition to the family of ransomware that is spreading via SMS from device to device, it is better to do not open any SMS containing an unfamiliar link. Delete such type of messages as soon as you can. By taking these few steps and by browsing carefully you will be able to save your data and your own self also from some greater fatigues and headaches.
Invest in security software:
The best way to save your android devices from this advance and complex type of ransomware is to made investment in the security software. Choose software that provides you real-time security protection and also indicates the residing of any malicious and potentially harmful files and garbage in your android device. The system you choose for the security of your device must be capable of deleting all malicious files immediately after it detects those files and also permanently.
An ideal security tool is the one that provide you comprehensive report on the trust level of the files present in your android device, so that you can remain updated according to the current state of your device, and will be able to take some steps at very early age in order to save your android device from ransom attack.
Not only this, your android device has some other threats as well, you have to take care of these threats also. It might seem minor to you but can damage your device capability and performance very badly.
Your employees can breach your precious data within a few seconds because they are the ones who are very close to the systems of your organization. It is better to keep an eye on employee’s digital activity so that you can be informed about what they are planning to do.
BlurSPY Android Tracker:
Without any shadow of a doubt, BlurSPY is one of the top-ranked android tracker that provides you with multiple options to sleek into the device of the target silently. In this era, where technology is getting a hike rapidly, things are getting more complex. Parents are worried about their children’s contact with the strangers, employers are worried about data breaching, a partner is having a suspect on another half that he is cheating upon him/her.
Let’s put your worries to an end with BlurSPY cell phone monitoring software. The beghasted features of BlurSPY will amaze you. The phone surveillance system BlurSPY intended to help you in your struggle against the harmful side of technology.
BlurSPY will give you an opportunity to sleek into your kid’s, employees or partners’ phone calls. With BlurSPY you will be able to do following spying acts:
- Listen to all the incoming and outgoing calls live
- Record all incoming and outgoing calls of the target device
- Interrupt calls
Sleek into conversations:
With the BlurSPY SMS tracking app, you will be able to access all the chats and conversations no matter whether received on sim or any other social networking platform; you will have access to all conversations through your dashboard without giving the slightest hint to the target.