After two years of decline in Android ransomware, a new family has emerged. We have seen the ransomware, detected by ESET Mobile Security as Android/Filecoder.C, distributed via various online forums. Using victims’ contact lists, it spreads further via SMS with malicious links. Due to narrow targeting and flaws in execution of the campaign, the impact of this new ransomware is limited. However, if the operators start targeting broader groups of users, the Android/Filecoder.C ransomware could become a serious threat.
Android/Filecoder.C has been active since at least July 12th, 2019. Within the campaign we discovered, Android/Filecoder.C has been distributed via malicious posts on Reddit and the “XDA Developers” forum, a forum for Android developers. We reported the malicious activity to XDA Developers and Reddit. The posts on the XDA Developers forum were removed swiftly; the malicious Reddit profile was still up at the time of publication.
Defenx PLC (LON:DFX), founded in 2009 and listed on the London Stock Exchange, is an up-and-coming company in the mobile security sector which offers a wide range of solutions for the protection of smartphones, desktop PCs and laptops.