Android/Filecoder.C is a new mobile ransomware. The malware uses the victim’s contact list to send SMS messages with malicious links.
There is a new mobile ransomware that uses the contact list in the victim’s smartphone to send SMS messages with malicious links. It was discovered by ESET’s cyber security researchers, who named it Android/Filecoder.C. The malware has spread through some Reddit topics with adult content and, for a short period of time, also via the forums of XDA, the well-known Android developer community. Its peculiarity is the dissemination mechanism. Before starting to encrypt files, it sends a series of text messages to every entry in the victim’s contact list, prompting the recipients to click on the malicious link, which leads to the ransomware installation file. This mechanism could lead to a wide spread of infections, especially since the malware carries 42 language versions of the message.
Cyber security experts: Fortunately, the malicious code is not perfect. Here are all its limitations
According to cyber security experts, however, Android/Filecoder.C has obvious flaws. The first concerns the text messages, which are badly translated and sometimes meaningless (probably due to the use of automatic translators). The ransomware also shows several anomalies in the way it encrypts. It excludes large files (over 50MB) and images below 150KB. The list of file types to encrypt also lacks some extensions typical of Android. In addition, the ransomware does not lock the screen, so it does not prevent users from accessing their devices. Finally, the ransom is not a fixed amount: it is generated dynamically from the user ID that the ransomware assigns to the victim, so each user receives a unique demand, which varies between 0.01 and 0.02 BTC.