Lukas Stefanko, a researcher at ESET, recently discovered that a ransomware known as Koler is affecting Android users based in the US through adult-themed websites and a fake PornHub app.
Not a new threat
The ransomware is not new; according to BleepingComputer, it appeared on the scene in 2014. That was when the developers of the Reveton virus decided to find a way to hack Android devices with a variant of Reveton.
Reveton, as you may know, was ransomware that targeted Windows. Once executed, it locked victims out of their systems and displayed a lock screen. The ransomware was advertised through Russian-speaking hacking forums.
The latest Koler ransomware is similar: it locks users out of their systems and displays a message that is seemingly from the FBI, asking people to pay a fine as a penalty for visiting pornographic websites.
How does it work?
The ransomware works by advertising PornHub apps on pornographic or adult websites, where users who are curious to view such content are tempted to install the app on their phones.
On phones where third-party app installation is enabled, the app is automatically allowed to download. Users then see a message prompting them to click the “Continue” option for the installation to proceed.
As soon as the user allows the app to be installed, the ransomware is activated and hijacks the victim’s phone. It gains admin rights and displays a lock screen asking the user to pay a fine.
“Few days ago we detected a lot of Android Koler #Ransomware activity in USA. #Malware impersonates only PornHub URLs https://t.co/3PCsIhKzfs pic.twitter.com/L0GvlmAo8Y” — Lukas Stefanko (@LukasStefanko) June 22, 2017
How to remove the virus?
The ransomware can only be removed by rebooting your device in Safe Mode. After the reboot, the ransomware app's admin rights need to be removed, and then the app can be uninstalled.
US users, the only victims
Up till now, there have been no reports of the virus attacking users in other countries; only users in the US have been attacked. This is possibly because the message displayed on the lock screen is seemingly from the FBI.
Android under threat
Unlike its iOS counterpart, Android seems to have become a more common victim of ransomware attacks, particularly after the WannaCry incident.
In fact, just recently, an adware campaign targeted Android users through an Android package that appeared to be a cleaner app. Once installed, the app would keep displaying ads on the phone’s home screen.
Furthermore, there have been a number of anti-virus apps that are in reality malware and trick users into downloading them by promising protection from the WannaCry ransomware. Stay safe online!