A New Sex Simulator Android Ransomware Can Infect Via SMS

According to ESET, a cybersecurity firm based in Slovakia, there is a new family of ransomware that infects via SMS and targets Android phones.

The ransomware is called Android/Filecoder.C and has been active since the 12 of July. Malicious links will be spread through users’ contact lists. Other distributing sources are the XDA-Developers Android forum and Reddit’s porn-related posts.

The SMS trick receivers into believing that the link it contains will lead users to a photo app, but in reality, anyone who clicks on it will be brought to an app that has the ransomware. To hide their real intention, the hackers sometimes change the domain names using URL shorteners.

The messages are in 42 languages depending on the default setting of the device. The contact name is also added to make the content more convincing.

When sending the SMS, the ransomware will encrypt most of the device’s files, including images and text, making users unable to access them. However, it seems like the attackers spare archived files that are larger than 50 MB.

According to the ESET report, the list of encryption files is an exact copy of WannaCry. While users are not locked out of the device, they will lose access to the data on the phone.

The attackers threaten that all data would be lost in 72 hours if the ransom was not paid. However, ESET finds no evidence proving that the ransomware can delete users’ files in the software code.

The exact number of victims is not released, but by inspecting the bit.ly link, the cybersecurity firm claimed that it was clicked 59 times.