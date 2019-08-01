Android smartphones have reportedly been targeted with ransomware that spreads through messages. The ransomware is spread through an SMS message which contains the malicious code.

Security researchers at ESET have discovered a new ransomware called Android/Filecoder.C. The ransomware has been found on various Android devices running on Android 5.1 and later, and has been active since July 12, 2019. The report suggests that hackers use various online forums like Reddit and XDA Developers Forum to distribute the malware.

Once a user opens the SMS text, the ransomware gets access to the phone’s contact list. This further spreads to all contacts stored on the phone.

The report also added that the attackers used two servers to distribute the ransomware. To attract victims, the hackers would lure them by posting links and QR codes of malicious apps. These apps were mostly porn and technical topics.

“To maximise its reach, the ransomware has the 42 language versions of the message template. Before sending the messages, it chooses the version that fits the victim device’s language setting. To personalise these messages, the malware prepends the contact’s name to them”, the report added.

Once the app is installed, it installs excepted Android files that occupy more than 50MB memory. The code once installed, would then ask users for a ransom. “The ransomware goes through files on accessible storage – meaning all the device’s storage except where system files reside – and encrypts most of them”, the report stated.

Only after the ransom amount is paid, the code would decrypt all the files on the device. If the user does not pay the ransom within 72 hours, all their data is lost.

To avoid being a ransomware victim, users can keep their devices up to date with the latest security update. Users are also advised to download apps only from the Google Play Store as such malware can most-likely be only found on third-party websites.