Security researchers have discovered new ransomware, unlike anything seen before, that targets Reddit users on Android devices.
Although Android ransomware is not as common as it was back in 2017, a new family has been discovered by security researchers at Eset, who found that it is targeting Reddit users. For a short period of time the virus also existed on the XDA Developers forum used by Android developers.
The ransomware family – dubbed Android/Filecoder.C – is designed to trick Reddit users with links spread through porn-related topics. This new virus is notable for its spreading mechanism, which differs from that of other ransomware.
Before it starts encrypting a target’s files, the virus sends a batch of text messages to every address in the victim’s contact list, luring the recipients to click on a malicious link leading to the ransomware installation file.
If successful, this can set off a chain of infections as the malware message has 42 language versions. However, the virus should be easy to spot as the messages are poorly translated, often not making any sense.
Another anomaly in the code that makes Android/Filecoder.C quite unique is in its encryption, which suggests it may be derived from the infamous WannaCry ransomware. Unlike typical Android ransomware, Android/Filecoder.C doesn’t prevent the user from accessing the device by locking the screen.
Also, the ransom is not set as a hardcoded value, as the amount requested by the attackers to decrypt the files is created using the user ID assigned by the ransomware to that particular victim. This process results in a unique ransom amount, falling in the range of 0.01 to 0.02 bitcoin.
To protect against the virus, Eset advises many of the familiar tips: keep Android devices up to date, don’t download apps not found in the Google Play Store and check an app’s permissions before installation.
The Reddit app on Google Play Store. Image: Pe3check/Depositphotos