Information security experts have warned users and owners of Android devices about a new strain of ransomware that is still in its early stages and reaches its victims through SMS messages containing a malicious link.

The new strain targets selectively, focusing on limited groups of victims, and uses a new method that makes decrypting the files with the tools currently available almost impossible. Experts have confirmed that the only option currently available is to avoid infection by not opening phishing messages and by keeping a backup of files and data.

New breed

The new strain was discovered by a team of information security researchers at ESET, who published a detailed report on the information security site welivesecurity.com. In it they confirmed that the new strain emerged two years after the ransomware attacks on Android devices. It is named "Android FileCoder C" and was first spotted on July 12, 2019, as a file distributed through "malicious posts" on two forums used by Android developers, Reddit and XDA.

Method of propagation

Information security experts discovered that the attackers who developed this strain distribute it by posting malicious comments on pornographic or non-pornographic topics that entice visitors and users of the Android developer forums, whether or not the comments relate to the topics being discussed on the forum, and they take care to make the posts attractive. Every comment they posted contained a link or a QR code, which always points to applications that the attackers present as useful, as valuable solutions or contributions, as pornographic content, or as a way of communicating with others through the mobile phone. When a forum user clicks it, the application carrying the virus is transferred to the user's device. The researchers confirmed that 59 cases have been detected in which visitors and developers fell into this trap after clicking these malicious codes.

Spread of the virus

Tracking the attack shows that when the virus arrives on the phones and devices caught by these lures, it immediately checks itself, accesses the device's contact list, and begins sending SMS messages with an active link. The messages carry some enticement, indicating that the attachment is useful, performs functions the user needs, or leads to "pornographic" material.

To achieve maximum spread, deception and appeal, the virus accesses the language settings menu in the operating system of the infected device and sends its messages in the language the device is set to. The virus is able to send messages in 42 different languages. It also includes some of its data in the messages, so that they look like private messages from a trusted party.

Installation and Execution

Once the phishing message reaches a victim, the victim must manually tap the active link that leads to the malicious application, that is, the file-encrypting virus. Once the link is tapped, installation begins immediately and the application then runs. At first the application displays everything promised in the message, often a sexual simulation game. While the game runs, the application establishes contact between the victim's device and the server of the attacker who launched the virus. This communication between the two sides covers operating the ransom payment method and releasing the decryption keys after the victim pays.

The ransom is usually a fraction of a Bitcoin, which currently stands at more than $9,400. The attackers demand a ransom of between $94 and $188.

Tips to avoid the virus

1. Update your devices, then ideally set them to patch and update automatically.

2. Keep an up-to-date copy of your files on a separate volume that is completely offline.

3. Only use reputable and trusted app stores.

4. Do not be fooled by any messages whose links suggest material, pornographic or sexual content.

5. Before installing any app, check its ratings and comments, and focus on negative comments, as they often come from legitimate users.

6. Check the permissions required by the application.

7. Use a security solution to protect your mobile devices.
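For tip 6, one way to review an application's requested permissions against the behaviour described above (contact-list access, SMS sending, contact with a remote server, file encryption). This is an added example, not code from the researchers' report: the permission mapping, the risk labels and the sample manifests are assumptions constructed for illustration, and the input is an AndroidManifest.xml already decoded to text.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: standard Android permissions that would enable the behaviours
# the article describes; this mapping is not taken from the researchers' report.
BEHAVIOUR_PERMISSIONS = {
    "read the contact list": "android.permission.READ_CONTACTS",
    "send SMS messages": "android.permission.SEND_SMS",
    "contact a remote server": "android.permission.INTERNET",
    "modify files on shared storage": "android.permission.WRITE_EXTERNAL_STORAGE",
}
SMS_SPREAD = {"read the contact list", "send SMS messages"}

def requested_permissions(manifest_xml):
    """Return the permission names declared in a decoded AndroidManifest.xml."""
    if "<!DOCTYPE" in manifest_xml or "<!ENTITY" in manifest_xml:
        raise ValueError("DTD/entity declarations are not expected in a manifest")
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                names.add(name.strip())
    return names

def review(manifest_xml):
    """Report which described behaviours the requested permissions allow."""
    perms = requested_permissions(manifest_xml)
    allowed = {b for b, p in BEHAVIOUR_PERMISSIONS.items() if p in perms}
    if SMS_SPREAD <= allowed:
        risk = "high" if len(allowed) == len(BEHAVIOUR_PERMISSIONS) else "medium"
    else:
        risk = "low"
    return {"risk": risk, "allows": sorted(allowed)}

def _manifest(package, permissions):  # builds constructed sample input
    ns = 'xmlns:android="http://schemas.android.com/apk/res/android"'
    uses = "".join('<uses-permission android:name="%s"/>' % p for p in permissions)
    return '<manifest %s package="%s">%s<application/></manifest>' % (ns, package, uses)

# Constructed samples, not real applications.
GAME = _manifest("com.example.simgame", BEHAVIOUR_PERMISSIONS.values())
TORCH = _manifest("com.example.torch", ["android.permission.CAMERA"])
CHAT = _manifest("com.example.chat", ["android.permission.READ_CONTACTS",
                                      "android.permission.SEND_SMS"])

if __name__ == "__main__":
    for label, xml_text in (("game", GAME), ("torch", TORCH), ("chat", CHAT)):
        print(label, review(xml_text))
```

A "high" or "medium" result is a prompt for closer review, not a verdict: legitimate messaging apps request the same contact and SMS permissions.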