ESET: new ransomware for Android is distributed through pornography

Antivirus company ESET announced the discovery of a new ransomware, Android/Filecoder.C, which targets users of Android devices. Attackers distributed it through malicious links and QR codes in pornography-related sections of Reddit and on XDA Developers, a forum for Android developers.

To hide the suspicious address, the attackers used bit.ly, a service for creating short links. After it is downloaded, the malware sends text messages to the victim's entire contact list, urging recipients to click the link and download the malicious program.

The messages are composed in 42 languages. An attentive user will nevertheless suspect that something is wrong: the translations are of poor quality, and the SMS is often a meaningless string of words.

After the malicious application is installed, the files on the victim's device are encrypted, and the user receives a notification demanding a ransom; otherwise, it says, all files will be erased after 72 hours.

However, experts found no commands in the ransomware's code that delete files after any set period of time.

It should be noted that the file encryption is implemented rather unprofessionally. First, the program does not encrypt large backup files (over 50 MB) or small images (up to 150 KB).

Second, the list of file extensions that the program selects for encryption looks unusual: it includes file types that are not related to the Android OS.

It is noteworthy that each victim of the ransomware is assigned a unique ransom amount in the range of 0.01 to 0.02 bitcoins (from 6 to 12 thousand RUB).

At the time of publication, the user profiles that distributed Android/Filecoder.C on the XDA Developers forum have been removed. However, the malicious links on Reddit are still available.