Koler Android malware demands $300 ransom from its victims

Graham CLULEY

May 08, 2014

Ransomware has posed a serious threat to desktop computer users for some time.

Notorious examples include CryptoLocker which encrypts victims’ files to such an extent that your chances of recovering your data if you don’t have a backup are zero, unless you are prepared to pay the criminals’ Bitcoin ransom.

Another commonly-seen example of ransomware is Reveton (also known as IcePol), which displays a bogus message purporting to be from your country’s police service – claiming that you have been monitored accessing child abuse websites, and demanding that you must pay a fine to escape prosecution.

And now, ransomware is making its presence felt on Android smartphones.

Security researchers have discovered malware for Android devices which mimics the techniques of Reveton, appearing to lock your phone with a message claiming to be from a law enforcement agency and ordering you to pay a fine or face the consequences.

The Android malware, called Android.Trojan.Koler.A by Bitdefender products, is a little different from some of the examples seen for Windows, however.

Koler does not presently exploit any vulnerabilities to install itself silently onto your Android device via a drive-by download. Instead, it asks you to help it grab a tight hold of your device, by popping up pretending to be a driver to help you watch x-rated adult videos.

So, in order to have your device infected, you have to have allowed apps from non-approved sources (i.e. not the official Google Play store), and to have granted the app permission to install itself on your device.

However, because the message could easily pop up while you are browsing a hardcore porn site and because you (presumably, otherwise why are you there?) *want* to watch something a bit naughty… maybe you *would* allow the program to install itself on your smartphone?

That’s social engineering at work once again. It’s often the case that the problem is not the technology, but the fleshy human sitting in front of the keyboard making poor decisions.

Before you know it, the IMEI number of your smartphone has been sent to the criminals, and a Geo-IP lookup has determined which part of the world you are based in.

With that information, the Koler Android malware displays a message customised for your particular country.

So, for instance, Americans will see a message claiming to come from the FBI Department of Defense / USA Cyber Crime Center:

ATTENTION!

Your phone has been blocked for safety reasons listed below.

All the actions performed on this phone are fixed.
All your files are encrypted.
CONDUCTED AUDIO AND VIDEO.

You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc). You have violated World Declaration on non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of United States of America criminal law.

And British victims will see a similar message but with imagery suggesting it has come from the Metropolitan Police:

For examples of other messages which can be displayed, check out the detailed description of the threat on the Bitdefender Labs blog.

Bitdefender senior e-threat analyst Bogdan Botezatu explains that although the message attempts to scare users into believing that their files have been encrypted in order to get victims to pay the $300 ransom, the truth is that the malicious app does not have the correct permission to meddle with the device’s files.

Botezatu says that the malware can be uninstalled relatively easily, by dragging the app on the home screen to the top of the screen where the uninstall control is located, or by booting infected devices in Safe Mode whereupon the malware can be uninstalled.
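
Because Koler only arrives when installs from non-approved sources are allowed, a useful check on a suspect device is to list the third-party apps that did not come from Google Play. The script below is an added example, not part of the original article or of Bitdefender's tooling; it assumes a device reachable over adb with USB debugging enabled, and the package names in the sample are constructed.

```shell
#!/bin/sh
# Added example: list third-party Android packages that were not installed
# by Google Play, i.e. apps that came "from unknown sources".
# Input is the text printed by: adb shell pm list packages -3 -i
# Assumption: Play Store installs are recorded as installer=com.android.vending.

TRUSTED_INSTALLER="${TRUSTED_INSTALLER:-com.android.vending}"

sideloaded_packages() {
    # Older adb builds emit CRLF line endings, so strip \r first.
    tr -d '\r' | awk -v trusted="$TRUSTED_INSTALLER" '
        /^package:/ {
            pkg = $1
            sub(/^package:/, "", pkg)
            inst = "null"                  # no installer field => treat as unknown
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^installer=/) {
                    inst = $i
                    sub(/^installer=/, "", inst)
                }
            }
            # Print "package<TAB>installer" for anything not from the trusted store.
            if (inst != trusted) print pkg "\t" inst
        }'
}

# Constructed sample output (package names are made up for illustration).
SAMPLE_PM_OUTPUT='package:com.example.notes  installer=com.android.vending
package:com.example.videoplayer  installer=null
package:com.example.game  installer=com.example.thirdpartystore'

# Live use with a device attached:
#   adb shell pm list packages -3 -i | sideloaded_packages
# Demo on the constructed sample:
printf '%s\n' "$SAMPLE_PM_OUTPUT" | sideloaded_packages
```

Anything the function prints deserves a second look; an app you do not recognise can then be removed in Safe Mode as described above, or with `adb uninstall` followed by the package name.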

Admittedly, Koler is hardly the most sophisticated example of ransomware ever seen.

It doesn’t, for instance, exploit any zero-day vulnerabilities in order to ease its installation – unlike the Icepol Police Ransomware that was seen exploiting a Java zero-day vulnerability last year.

But Koler is only the second example seen for the Android platform, and as devices running the operating system become ever more popular we can only expect criminals to develop more serious attacks, designed to outwit the unwary.

Once again, we have to call upon Android users to take greater care over their security. If you aren’t already running an anti-virus on your Android device, you are playing a very dangerous game.
