Protect Yourself Against New Android Ransomware That Pretends To Be Porn

A new Android threat was recently discovered by ESET researchers, and it has a quirky adult theme that might be enough to sucker unsuspecting users into installing it.

The number of reported cases so far is low, but it’s still important to be aware of what’s going on and make sure you’re doing everything you can to prevent this ransomware from spreading.

How Filecoder.C ransomware works

The ransomware, known as Android/Filecoder.C, first appeared on Reddit and forum threads via HTML links and QR codes. It’s typically disguised as adult content or a sideloadable “sex simulation” VR app. In actuality, the infected .APKs dump ransomware on your device that then attempts to spread itself via SMS messages to an afflicted user’s stored contacts.

After sending the texts, Filecoder.C encrypts almost every file on the phone and locks users out of them, rendering the files unusable. It then requests a Bitcoin ransom in order to regain control. Based on WeLiveSecurity’s dissection of the app’s code, the exact ransom could fall anywhere between about $US90 ($130) and $US190 ($275), or even higher, depending on bitcoin’s current value.

While the encryption and ransom appear to be real, the app also claims it will delete the ransomed data after 72 hours. WeLiveSecurity was unable to confirm if this is true. What it did confirm, however, is that Filecoder.C uses an encryption method that is difficult to crack. Worse, deleting the ransomware app doesn’t undo the ransom. You can read WeLiveSecurity’s report for a full explanation.

Tips for avoiding ransomware and other malware

Again, Filecoder.C doesn’t appear to have spread very far just yet, but it’s still in active circulation. Here are some tips to keep yourself safe from this and other nasty Android malware:

Be suspicious of random texts and links from your contacts

  • The fake texts sent from Filecoder.C claim that compromising photos of you are showing up on other apps, but unless you’ve been cavalier about sharing such content, that’s highly unlikely.

  • These texts will look and sound strange to begin with, so you should be able to tell that your friend actually didn’t send it. If the text is from someone you don’t talk to regularly, that’s even more reason to avoid clicking any links the message contains.

  • When in doubt, don’t click on obscure links or install .APKs just because your friends texted them to you out of the blue. Call up your friend and ask what’s up. You might even do them a favour by alerting them to their own malware infection.

Decode QR codes and check HTML link sources before you scan or click them

  • The free QR Code Desktop Reader & Generator lets you see what a QR code contains before you scan it. This tool alone isn’t enough to keep you safe, but it at least helps you see what codes are going to do before you open them up.

  • For HTML links—especially short links like bit.ly links—use a service like ScanURL to diagnose them.

  • An easy way to spot suspicious/fake full-length HTML links at a glance is excessive “%” symbols in the URL.

Following the above steps is helpful, but we would also recommend simply avoiding HTML links and QR codes entirely if they feel odd or you can’t confirm what they are.
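The link checks described above can be turned into a quick triage script for a URL decoded from a QR code or copied out of a text message. This is an added example, not code from the article or from ESET; the shortener list, the 15% threshold and the sample URLs are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: a small illustrative list; real shortener lists are much longer.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co"}
# Assumption: %XX escapes making up more than 15% of the URL count as "excessive".
PERCENT_RATIO_LIMIT = 0.15
PERCENT_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")


def triage_url(url):
    """Return the reasons a decoded QR code or texted link deserves a closer look."""
    url = url.strip()
    reasons = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()

    if parts.scheme not in ("http", "https"):
        reasons.append(f"unexpected scheme: {parts.scheme or 'none'}")
    if host in SHORTENER_HOSTS:
        reasons.append("short link hides the real destination")

    escapes = PERCENT_ESCAPE.findall(url)
    if url and len(escapes) * 3 / len(url) > PERCENT_RATIO_LIMIT:
        reasons.append(f"excessive percent-encoding ({len(escapes)} escapes)")

    # Decode repeatedly so double-encoded paths (%252E -> %2E -> .) are seen too.
    path = parts.path
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    if path.lower().endswith(".apk"):
        reasons.append("links directly to an APK file")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        reasons.append("raw IP address instead of a domain name")
    return reasons


if __name__ == "__main__":
    # Constructed sample links (documentation domains and address ranges only).
    for sample in ("https://example.org/articles/android-security",
                   "https://bit.ly/abc123",
                   "http://192.0.2.10/%67%61%6d%65.apk"):
        print(sample, "->", triage_url(sample) or "no flags")
```

An empty result only means none of these heuristics fired; it does not show that the link is safe.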

Don’t download or install random APK files

  • Stick to verified app stores or trusted sites like APK Mirror.

  • Malware and ransomware are especially notorious for pretending to be adult content. Take extra caution with these links, and don’t install weird-sounding naughty apps—especially if you’re sideloading them onto your device.

  • Use an anti-virus app to prevent malicious apps from being installed.
