Lukas Stefanko, ESET's malware researcher, has uncovered a new family of ransomware. The malware uses the victim's contact list to spread further through SMS messages containing malicious links.
How does this ransomware work?
The ransomware's initial infection vector is posts on online forums such as Reddit and the XDA Android developer forum.
It then spreads further by sending malicious SMS messages to all contacts of the originally infected Android smartphone, encrypts the majority of files and demands a ransom.
As a "rule", many victims mistakenly pay the hackers in order not to lose the data on their smartphones.
ESET found that most of the postings on Reddit forums were related to pornographic material or even comments on porn-related topics. The attackers also used technical issues as a lure, hence the use of the XDA developer forum as an attack vector. All the posts have one thing in common: they contain links or QR codes that lead to malicious applications.
Using SMS as a distribution channel
The ransomware-infected Android smartphone sends SMS messages in 42 different languages, alerting the user's friends and family that their photos are being used in a sex simulation game. The SMS also contains a link to the alleged application.
This application, of course, is the ransomware itself, disguised as a simulation game. Behind the cover, it works as a Command and Control center, spreading more malicious text messages and encrypting user files. However, the encryption is flawed, so there is a way to decrypt the data without paying the ransom.
Tips for Android users
We need to realize that attackers are using every means to spread malware, so we should be more suspicious of SMS messages, especially if they come from an unverified source.
In addition, let's not forget that ransomware is, in fact, a very prevalent threat. It's one of the easiest ways for hackers to make money, while bitcoin's anonymity and the fact that many people and companies have no alternative to payment make it a very viable business model.
The fact that this ransomware is distributed via SMS using the victim's contact list makes it dangerous: it can spread quickly, because people more easily trust a message from a trusted source.