Free Followers is an Android ransomware derived from XRansom, a FOSS ransomware builder hosted on GitHub by a threat actor named XPHANTOM. Someone pulled this repository and built their own version of the XRansom ransomware under the 'Free Followers' app name. The ransom note uses the SYSTEM_ALERT_WINDOW permission to display a modal on the victim's device that demands ₹1000, which was about $12.80 at compilation time. Not only is this a small sum, but closing the window only requires killing the application process. The password to the ransom note is hardcoded into the source code - "Abdullah@." However, after the password is entered, the program re-invokes the modal, so the ransom note alert window is stuck in an infinite loop. Finally, based on the country calling code of +92 in the ransom note's phone number and the fact that the ransom is in rupees, we assume the threat actor (who claims to be from Anonymous Group) is from Pakistan.
Ransomware - Free Followers
Free Followers
Description
Ransomware Type: Locker, Scareware
Country of Origin: Pakistan
First Seen
Last Seen
Lineage
Threat Actors
  Type: Cybergroup
  Actor: Anonymous Group
Extortion Types: Direct Extortion, Pseudo-Extortion
Extortion Amounts
  Amount: 1000 INR ($13)
Communication
  Medium: Telephone
  Identifier: +923044466333
Samples (SHA-256)
5251a356421340a45c8dc6d431ef8a8cbca4078a0305a87f4fbd552e9fc0793e
References & Publications
Rakshit Awasthi [sh4dy]: Free Followers (Ransomware)
Twitter | X: @malwrhunterteam - freefollowers.apk