Protect Yourself From the New Android Ransomware That Impersonates Porn
ESET researchers recently discovered a new Android threat and it has a quirky adult theme that might be enough to trick unsuspecting users into installing it.
The number of reported cases is still small, but it is important to know what is going on and to do everything you can to prevent the spread of this ransomware.
How Filecoder.C ransomware works
The ransomware known as Android/Filecoder.C first appeared on Reddit and in discussion forums via HTML links and QR codes. It is usually disguised as adult content or a downloadable virtual reality “sex simulator” application. In fact, infected .APKs drop ransomware onto your device, which then tries to spread via SMS messages to the infected user’s saved contacts.
After sending the texts, Filecoder.C encrypts almost all files on the phone and blocks users from accessing them, making them unusable. It then requests a Bitcoin ransom to regain control. Based on analysis of the application code by WeLiveSecurity, the exact ransom could be anywhere from $90 to $190 – or even higher, depending on the current value of bitcoin.
While the encryption and ransom appear to be real, the app also claims to delete the ransomed data after 72 hours. WeLiveSecurity has been unable to confirm if this is true. However, it confirmed that Filecoder.C uses an encryption method that is difficult to crack – even worse, removing the ransomware app does not cancel the ransom. You can read the WeLiveSecurity report for a full explanation.
Tips for preventing ransomware and other malware
Again, Filecoder.C doesn’t seem to be widespread yet, but it is still in active circulation. Here are some tips to keep yourself safe from this and other nasty Android malware:
Be suspicious of random texts and links from your contacts
- Fake texts sent from Filecoder.C claim that incriminating photos of you are displayed in other apps, but unless you have been careless about sharing such content, this is unlikely.
- These messages will look and sound strange from the start, which should tell you that your friend didn’t actually send them. If the message is from someone you don’t communicate with regularly, that is another reason not to follow the links it contains.
- When in doubt, do not click on links you can’t make sense of, and do not download or install an .APK just because a friend texted you out of the blue. Call your friend and ask what happened – you can even do them a favor by alerting them to their own malware infection.
Decode QR codes and check HTML link sources before scanning or clicking them
- Free PC QR code reader and creator lets you know what a QR code contains before you scan it. This tool alone isn’t enough to keep you safe, but it at least helps you see what the codes will do before you open them.
- For HTML links – especially short links like bit.ly links – use a service like ScanURL to diagnose them.
- The easiest way to spot suspicious / fake full-length HTML links at a glance is to look for excessive “%” characters in the URL.
The steps above are helpful, but we also recommend that you completely avoid HTML links and QR codes if they seem strange or you can’t confirm what they are.
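The link checks above can be written as a small Python triage function; this is an added example, not part of the original article or the WeLiveSecurity report. The shortener list beyond bit.ly, the threshold of five escapes, and the example.com / example.test sample URLs are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed shortener list; only bit.ly is named in the article.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}
# Assumed threshold: how many %XX escapes count as "excessive".
MAX_ESCAPES = 5
ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")


def triage_url(url):
    """Return a list of reasons to distrust a link before opening it."""
    url = url.strip()
    if "://" not in url:          # text decoded from a QR code may lack a scheme
        url = "http://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]

    flags = []
    if host in SHORTENERS:
        flags.append("short-link")  # destination is hidden; scan it first
    if len(ESCAPE.findall(url)) > MAX_ESCAPES:
        flags.append("excessive-percent-encoding")

    # Decode repeatedly so a double-encoded ".apk" (%252Eapk) is still caught.
    path = parts.path
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    if path.lower().endswith(".apk"):
        flags.append("direct-apk-download")
    return flags


# Constructed sample links (not taken from the real campaign).
SAMPLES = [
    "https://example.com/news/article?id=42",
    "bit.ly/abc123",
    "http://example.test/%64%6F%77%6E%6C%6F%61%64/sim%2Eapk",
    "https://example.test/app%252Eapk",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", triage_url(link) or ["no flags"])
```

An empty result only means none of these three heuristics fired; it does not mean the link is safe.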
Don’t download or install random APKs
- Stick to trusted app stores or trusted sites like APK Mirror.
- Malware and ransomware are especially notorious for pretending to be adult content. Be extra careful with these links and don’t install weird-sounding naughty apps, especially if you’re downloading them to your device.
- Use an antivirus app to prevent malicious apps from being installed.