In 2017, ransomware attacks crept into the lives of many citizens and many companies. WannaCry set off all the alarms with a worldwide attack that paralyzed even the British health system.
That attack, together with security improvements in operating systems, has reduced the number of these cyberattacks. Now cybercriminals are looking for another way in, and they seem to have found a gateway that users have perhaps forgotten: SMS.
WannaCry's relative is Android/Filecoder.C, ESET researchers have discovered. "The campaign we have discovered is the work of amateurs, and that is confirmed by the encryption techniques used, since they are very poor. In fact, any infected file can be recovered without major problems," says Lukas Stefanko, the head of ESET who led the investigation.
This new malware has been found camouflaged in various pornography-related threads on Reddit and, to a lesser extent, on the XDA Developers forum. "Although the profile used for the dissemination of the malware has been reported, it is still active on Reddit," ESET warns. "It is likely that the criminal will try to improve this malware by resolving existing bugs and looking for a more advanced form of distribution, so it could become a very dangerous threat," says Stefanko.
Like all ransomware, the program presents a payment screen explaining that the data has been encrypted. The only way to unlock the files is to pay in bitcoin. It does have some peculiarities, such as a ransom set on demand depending on the user and their data, although the amount ranges between 0.01 and 0.02 bitcoins.
While all this is happening, Filecoder.C also sends SMS messages to all of the victim's contacts, with some variation in the message. The spread of this malware "should cause a massive infection," since, as the researchers have discovered, the message is "translated into 42 different languages." However, its poor translation means that "most users who receive it treat it as suspicious."
In addition, Android/Filecoder.C contains some anomalies in its encryption. "It seems that the criminals copied the WannaCry ransomware list," notes Stefanko.