Android/Filecoder.C Ransomware

Ransomware threats targeting Android devices are not very common despite the popularity of the Android OS. However, some cybercriminals still decide to try their luck and develop data-locking Trojans for Android devices. This is the case with the authors of the Android/Filecoder.C Ransomware.

Propagation Via Fake Erotic Games

The Android/Filecoder.C Ransomware is masked as an adult game and appears to have been advertised on various forums and even on Reddit. The authors of the Android/Filecoder.C Ransomware also use text messages as an infection vector. Once installed, the Android/Filecoder.C Ransomware will begin sending text messages to all the contacts on the victim's contact list. The messages would state that the recipient of the text has had their photo used in an adult game named 'SexSimulator' and would provide a link to the supposed game. However, once the user falls for this trick and clicks on the link, they would have their device infected with the Android/Filecoder.C Ransomware. The text message would even include the name of the person (grabbed from the contact list of the initial victim) so that it would look more believable. The text message template is available in 42 languages.

Locking Your Data

Once it has infected your device, the Android/Filecoder.C Ransomware will scan it and start encrypting all the files it was programmed to target. Once a file is locked by the Android/Filecoder.C Ransomware its name will be changed, as this threat ads a '.seven' extension at the end of the filename. The Android/Filecoder.C Ransomware appears to be somewhat copying the very popular data-locking Trojan called the WannaCryptor Ransomware as it targets identical filetypes. However, the Android/Filecoder.C Ransomware does not tamper with system directories.

Then, the Android/Filecoder.C Ransomware will present the users with a ransom note that would let them know what the ransom fee demanded is and how many files have been encrypted. The attackers state that all the locked data will be deleted if the victim does not pay up within 72 hours. However, malware researchers have inspected the code, and it would appear that the Android/Filecoder.C Ransomware is not capable of wiping off any data. The attackers appear to demand about 0.01 Bitcoin (~$95 at the time of typing this post).

We would advise you against paying. Also, it is very important to keep not only your PC secure with a reputable anti-malware tool but your mobile devices too.