The ransomware has been found camouflaged in different topics related to pornography on the Reddit platform

A malicious program of the "ransomware" type (a harmful program that restricts access to a device) for Android sends SMS messages with malicious links to the contacts of its victims, as discovered by the cybersecurity company ESET. The company has also warned that it is a campaign run by amateurs and that its code contains errors.
ESET explains in a statement that this malware, called Android/Filecoder.C, reaches the user through a malicious link in a text message that, if clicked, leads to the ransomware installation file, which is a "peculiar" way of distributing this type of malware.
Lukas Stefanko, who led this investigation at ESET, has said that the form of propagation "should cause a massive infection, especially considering that the message can be found in up to 42 different languages." However, he qualifies, that message "is very poorly translated and most of the users who receive it treat it as somewhat suspicious."
The company has pointed out that the ransomware "has been found camouflaged in different topics related to pornography on the Reddit platform and, to a lesser extent, in the XDA developer forum."
Stefanko has explained that this campaign is run by amateurs, which is evident "by seeing the encryption techniques used, since they are very poor." In fact, he said that "any infected file can be recovered without major problem."
The cybersecurity researcher explained that the ransomware contains some anomalies in its encryption; for example, it excludes files of more than 50MB and images of less than 150kb. In addition, "its list of file types to encrypt contains many entries that do not correspond to Android files and yet is missing extensions typical of this operating system."
The sample also has other features that are unusual for this type of device-hijacking malware: the infected user's screen is not locked, and the ransom "is not a set of preset values, but the ransom that is demanded is generated dynamically using the user's identification." This amount usually ranges between 0.01 and 0.02 bitcoins.
Stefanko concludes that "it seems that criminals copied the WannaCry ransomware list." Despite this, he has highlighted that it is "probable that the offender will try to improve this malware by resolving existing faults and will look for a more advanced form of distribution, so it could become a very dangerous threat."
The company recommends setting devices to update automatically and downloading applications only from the Google Play Store or from known distributors. It also advises, before installing an application, reading the ratings and comments of other users, checking the permissions requested by the app and, above all, using a security solution designed specifically for mobile devices.