New Android ransomware spreads through contacts

Avast Security News Team, 2 August 2019

Also, an email scam steals $1.7M from a North Carolina county; school is delayed due to malware; and that supposed sextortion video of you does not really exist

Researchers have identified a new family of ransomware that attacks Android devices, locking up files and demanding payment in exchange for a decryption key, ZDNet reported this week. The new malware is called Android/Filecoder.C, and it is spread through malicious posts found on popular forums such as Reddit. The post pretends to offer adult content, but when a victim clicks on the malicious link, Filecoder automatically downloads to his or her device. 

The malware’s first action is to raid the device’s contacts and send infected “friendly” texts to everyone on the list, masquerading as recommendations for a photo app. If any of the contacts click the shared link, Filecoder will download to their devices as well. After plundering the contact list, the malware encrypts the majority of files on the device, locking the victim out of them. A ransom note is then displayed demanding a cryptocurrency payment of between $100 and $200. Find out the latest guidance on addressing this threat. For more help, read Avast's essential guide to ransomware.

This week’s stat

The U.S. Federal Trade Commission promoted payments for victims of the Equifax data breach, but the funds are insufficient. The $31 million Equifax settlement can cover the publicized $125 payments only if fewer than 2% of the 147 million victims file a claim.

North Carolina county loses $1.7M in email scam

Municipal officials in North Carolina’s Cabarrus County fell for a business email compromise (BEC) scam when bad actors posed as officials of the company hired to build a new high school. Bleeping Computer reported that scammers sent a fraudulent email to city officials claiming that the bank account for Branch & Associates, the contractor building the school, had changed. Having received documentation they believed was authentic, finance officers adjusted the banking information per the email’s instructions and sent an installment of $2.5 million directly to the scammers’ account.

Cabarrus County officials learned of their mistake weeks later, when an actual representative from Branch & Associates called about a missing payment. The bank froze what remained of the stolen funds, recouping approximately $776,500 and losing the other $1.7 million to the scammers. The U.S. Treasury reported that BEC scams have been steadily on the rise for several years, going from causing an average of $110 million in damages per month in 2016 to causing over $300 million in damages per month in 2018.

This week’s quote

“Our team is typically out in the field working in rural conditions, often accessing laptops and mobile phones from double-wide trailers on the job site.” – Doug Whitfield explaining the unique security needs of Edison Power Constructors

Cyberattacks target school districts

Cyberattacks struck two U.S. school districts in recent days, one in Watertown, N.Y., and one in Ashford, Ala. While there is no evidence to suggest the attacks came from the same source, both occurred just as the districts were preparing for their students’ return in the fall. 

Ashford officials are still assessing the damage of their cyberattack, reported local CBS affiliate WTVY. The Ashford school district uses 4,000 computers, almost all of which need to be reconfigured after the malware attack. As a result, officials pushed back the first day of school a second time, by two weeks, until Aug. 12, reports The New York Times. New York state Fox affiliate TV station WWNY reported that the head of the Watertown city school district said Wednesday she anticipates “no negative impact” from the malware.

Sextortion scams on the rise

Cybersecurity researchers who claim to have blocked over 289 million scam emails in the first five months of 2019 have identified many of those malicious missives as “sextortion” scams, reported Dark Reading. This increasingly popular phishing ruse typically includes the targeted victim’s username or password in the subject line and informs the target that he or she has been recorded with their own webcam performing various acts while watching online pornography. 

Avast Security Evangelist Luis Corrons noted that while the scam is simple, it can also be quite potent. “This is a very effective scam, as attackers use the victims’ real passwords to convince them they have been compromised. This password comes from old data dumps, and it is an extremely easy attack to perform. Most of these dumps contain an email address and password, that’s all attackers need to build a credible story. Remember, if it were true, attackers would send along a screenshot of the alleged video to prove what they have. Of course, they never do that because they don’t have it.”

This week’s ‘must-read’ on The Avast Blog

Top artificial intelligence experts are gathering in Prague in October to discuss the biggest issues related to AI – and students and researchers are invited to submit their work.

