ESET is calling this ransomware strain Android/Filecoder.C (just Filecoder from here on out). It is primarily distributed by way of malicious posts on Reddit and the XDA Developers forum, the latter of which is a popular hangout for Android developers and enthusiasts. These posts lure victims by promising salacious material, such as porn-related content and sex simulators, and hide behind QR codes and shortened bit.ly links.
Those are all red flags, of course, and those who ignore them can end up with a compromised handset. Filecoder attacks generally do deliver the promised content, but only to conceal the app's true purposes: communicating with command and control (C&C) servers, spreading messages to contacts, and encrypting certain files.
"The malware contains hardcoded C&C and Bitcoin addresses in its source code. However, it can also dynamically retrieve them: they can be changed any time by the attacker, using the free Pastebin service," ESET explains.
Source: ESET (WeLiveSecurity)
Once installed, Filecoder first contacts every person on a user's phone via text message. It then goes through files on accessible storage and encrypts most of them, save for ZIP and RAR files. The ransomware also ignores temporary files, files over 50MB, and JPEGs and PNGs smaller than 150KB.
This is all concerning, though relatively easy to avoid with some commonsense practices. For example, only downloading apps from trusted sources is always advised, and users should pay attention to the permissions an app asks for. In addition, anyone who receives an SMS message linking to an application should avoid installing it, because of situations like this one.