Ransomware - Free Followers

Free Followers
Decryptor Available
No
Description

Free Followers is an Android ransomware derived from XRansom, a FOSS ransomware builder published on GitHub by a threat actor named XPHANTOM. Someone pulled this repository and built their own version of the XRansom ransomware under the 'Free Followers' app name. The ransom note uses the SYSTEM_ALERT_WINDOW permission to display a modal on the victim's device demanding ₹1000, which was about $12.80 at compilation time. Not only is this a small sum, but closing the window only requires killing the application process. The password to the ransom note is hardcoded into the source code: "Abdullah@." However, after the password is entered, the program re-invokes the modal, meaning that the ransom note alert window is in an infinite loop. Finally, based on the ransom note phone number's country calling code of +92 and the fact that the ransom is in rupees, we assume the threat actor (who claims to be from Anonymous Group) is from Pakistan.

Ransomware Type
Locker
Scareware
Country of Origin
Pakistan
First Seen
Last Seen
Lineage
Threat Actors
Type
Actor
Cybergroup
Anonymous Group
Extortion Types
Direct Extortion
Pseudo-Extortion
Extortion Amounts
Amount
1000 INR ($13)
Communication
Medium
Identifier
Telephone
Ransom Note Image
Samples (SHA-256)
5251a356421340a45c8dc6d431ef8a8cbca4078a0305a87f4fbd552e9fc0793e
References & Publications