It’s currently common knowledge that email attachments are often used by cybercriminals to spread malware. The emphasis placed on email safety by cybersecurity professionals is a good one—and it should not go away.
However, email is not the only way you can become infected with malware such as ransomware. Nor are desktop computers the only devices that can be infected.
For several years now, malware has been created to infect mobile devices, specifically Android phones. While at the moment there is minimal risk for Apple mobile devices, there is evidence that criminal app developers are trying to change that.
Understanding Malicious Android Apps
Android is fundamentally different from iOS because users are able to download apps (APKs) freely from outside the central Google Play store.
Malicious APKs can be found on unregulated sites and forums, often hooking victims with the promise of being a porn app. Whenever a user tries to download and install an APK in this way, they are performing an activity called sideloading.
The ability to sideload is not available to users by default; they have to go into the phone’s settings to enable it. It is turned off by default for good reason, as sideloading is risky if done improperly.
Spreading APK Links Through SMS
Once a malicious APK is installed and run, SMS (text messaging) comes into play. Malware can be programmed with the intention of hijacking users’ contact lists to send out SMS messages with links to the malicious app.
There is one specific ransomware variant out there known as Android/Filecoder.C—active since July 12—that makes use of SMS in this specific fashion.
First, the app has to be sideloaded. Once it is installed and runs, it sends text messages to the victim’s friends and family claiming that their photos are being used in a “sex simulator game.” A link to the app (the malware itself) is included in the text messages.
Advice for Protecting Yourself or Your Business
The last thing you want is to become infected with ransomware and have the files and data on your phone locked. It’s highly recommended that you back up any important files and contacts on your phone to the cloud or a PC as protection against ransomware. If you are infected, you’ll be able to factory reset your phone and recover from the attack.
Last but not least, don’t trust odd requests to sideload apps on your mobile devices, even if the message is coming from a contact you know.