A specific group of Android smartphone and tablet users is being targeted by a deadly new ransomware, according to a report by Bitdefender. The ransomware, named Koler.A, targets only users who browse 18+ and NSFW websites, and infects their smartphones and tablets if they visit certain triple x websites.
Android users browsing for NSFW content beware, Koler.A ransomware out to snare you
Bitdefender claims in a blog post that it has identified new malware that can lock Android users out of their smartphones or tablets until a ransom is paid to the authors of the ransomware. Bitdefender has named this ransomware Android.Trojan.Koler.A.

Bitdefender says that the malware is downloaded to Android smartphones and tablets under the guise of a video player app when their owners browse certain triple x websites. “As the user browses, an application that claims to be a video player used for premium access to triple x downloads automatically,” explained Bitdefender in a blog post.

Bitdefender also believes that the author of Koler.A is the same one who wrote the Reveton / IcePol trojan. It says in its blog post that this new malware is the work of the gang behind the Reveton / IcePol trojan, which infected hundreds of thousands of PCs in 2012 and 2013. “It was just a matter of time until the highly prolific gang behind the Reveton / IcePol network made a move on Android,” it suggests.

Android.Trojan.Koler.A, however, works in quite a different way. As it cannot install itself on the victim's Android device, it uses a fake video player to get itself installed. For this to work, the Android user must have enabled sideloading (the ‘Unknown sources’ box ticked in settings) and must then tap an ‘Install’ button when prompted to install what they think is a video player. Once installed, it identifies its victim’s location and shows them a webpage with a warning in their language: “Attention! Your phone has been blocked up for safety reasons listed below. All the actions performed on this phone are fixed. All your files are encrypted. CONDUCTED AUDIO AND VIDEO”.

The page also claims that the victim has “violated World Declaration on non-proliferation of child pornography” and broken copyright laws, warning of possible jail terms for both. It then demands a $300 ransom to remove the threat.

“The bad news is that by the time you see the message, the bad guys already have your IMEI on file,” said Bitdefender’s chief security strategist Catalin Cosoi.

Bitdefender, however, said that the author of Koler.A is just making empty threats about the device being locked or the data encrypted, as Koler.A doesn’t have the necessary permissions to actually encrypt victims’ files. “The good news is that Koler.A can be easily removed by either pressing the home screen and navigating to the app, then dragging it on the top of the screen where the uninstall control is located, or by booting the device in safe mode and then uninstalling the app.”

Bitdefender states that the easiest way to avoid this malware is to avoid visiting triple x websites which ask you to download a premium video player. If you have already done so and downloaded the ransomware, don't give in to its threats. Just delete the ransomware.
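
Because Koler.A only gets onto a device through sideloading with ‘Unknown sources’ enabled, one practical check is to list third-party apps that did not come from Google Play. The script below is an added example, not code from Bitdefender or the original article; the sample output and package names are constructed, and the trusted-installer list and the settings key shown in the comments are assumptions that vary by Android release.

```shell
#!/bin/sh
# Added example: flag sideloaded apps, the install path Koler.A depends on.

# Constructed sample of `adb shell pm list packages -3 -i` output.
# All package names here are hypothetical.
SAMPLE_PM_OUTPUT='package:com.example.mail  installer=com.android.vending
package:com.example.videoplayer  installer=null
package:com.example.notes  installer=com.android.vending
package:com.example.tool  installer=com.android.packageinstaller'

# Assumption: only Google Play counts as a store install; extend as needed.
TRUSTED_INSTALLERS="com.android.vending"

CR=$(printf '\r')   # adb shell output may carry a trailing carriage return

# Reads `pm list packages -3 -i` lines on stdin; prints names of packages
# whose installer is missing or not in TRUSTED_INSTALLERS.
sideloaded_packages() {
    while IFS= read -r sp_line; do
        sp_line=${sp_line%"$CR"}
        case $sp_line in package:*) ;; *) continue ;; esac
        sp_pkg=${sp_line#package:}
        sp_pkg=${sp_pkg%% *}
        sp_installer=null
        case $sp_line in *installer=*) sp_installer=${sp_line##*installer=} ;; esac
        case " $TRUSTED_INSTALLERS " in
            *" $sp_installer "*) ;;
            *) printf '%s\n' "$sp_pkg" ;;
        esac
    done
}

# True when the "Unknown sources" setting value passed in is 1 (enabled).
unknown_sources_enabled() {
    [ "${1%"$CR"}" = "1" ]
}

# Live use, with adb and a device connected over USB debugging:
#   adb shell pm list packages -3 -i | sideloaded_packages
#   adb shell settings get secure install_non_market_apps
# (the settings namespace, secure or global, depends on the Android release)
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_PM_OUTPUT" | sideloaded_packages
fi
```

Any package the script reports is a candidate for the safe-mode uninstall described above; a sideloaded app is not necessarily malicious, so review each name before removing it.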
