Antivirus company ESET announced the discovery of a new ransomware, Android/Filecoder.C, which targets users of Android devices. Cybercriminals distributed it via malicious links and QR codes in the pornography subsections on Reddit, as well as on XDA Developers, a forum for Android developers.
The bit.ly portal, a service for creating short links, was used to hide the suspicious address. Once downloaded, the malicious application sends text messages to the victim's entire contact list, nudging recipients to click on the link and download the malware.
The messages are written in 42 languages, but an attentive user will suspect that something is wrong: the translations are not of high quality, and the SMS texts are often a meaningless set of words.
Once the malicious application is installed, the files on the victim's device are encrypted, and the user is told to pay a ransom; otherwise, all files will allegedly be erased after 72 hours.
However, the experts did not find any commands to delete files after a limited time in the ransomware code.
It's worth noting that file encryption is comparatively unprofessional. First, the program does not encrypt large archive files (more than 50 MB) and small images (up to 150 KB).
Second, the list of file extensions the program targets for encryption looks unusual: it contains file types that have nothing to do with the Android OS.
It is noteworthy that each victim of the ransomware is assigned a unique ransom amount in the range of 0.01-0.02 bitcoin (from 6 to 12 thousand rubles).
At the time of publication, the profiles of users sharing Android/Filecoder.C on the XDA Developers forum had been removed. However, the malicious links on Reddit were still available.