Recently, security researchers have detected a new type of ransomware, which targets at Android users. On the infected device, it can infect other devices by sending text messages to victims’ contacts list on the phone. In this way, this kind of ransomware can be spread widely through the victim’s mobile phone.
It is reported that hackers post content of technical topic and related links of malicious websites on the Internet, thereby enticing users to download malicious programs through the domain controlled by attackers. Once downloaded to the user’s Android phone, the ransomware encrypts most of the user’s files on the phone and asks for ransoms to decrypt. At the same time, it sends a large number of text messages that link malicious information to contacts on the victim’s phone for further dissemination. Surprisingly, the content of these text messages is very vivid. For example, one of the text messages is attached by a composite photo, and the person receiving the text message will be anxious to open the link. According to statistics, 59 users have clicked on this malicious website from June to July, which further spreads the ransomware.
According to the report, this ransomware has a text message template in 42 languages. It is set to a different language when sent to the victim, and the contact name will be added at the beginning of the letter to make the message look more real.
Eventually, it is automatically directed to a malicious app when an unsuspecting user receives a text message and clicks on the link. It requires the victims installing the app manually to view the composite photos. Therefore many users fall in this trick.
However, it is reported that its main purpose is to establish a connection with the PC, and find the user’s disk, encrypt almost all files, and then extort bitcoin worth $94 to $188 dollars. The user may be able to remove the app but cannot decrypt it.
Researchers say that the code contains complex keys, so it is very difficult to crack. This means it is almost impossible to save the file without paying after the device is infected. Besides, there is no guarantee that the files will be recovered after paying the ransom. Therefore, do not click on the link or attachment when receiving texts or emails from unknown senders to prevent ransomware.
Published by Emerson L. Sullivan & last updated on August 8, 2019 6:32 am