Koler Ransomware Infects Android Users in the US with Fake PornHub Apps


Here’s a piece of ransomware that targets visitors to adult-themed websites, in the US only, and tries to lure them with a fake PornHub app.

Koler, the ransomware that’s targeting Android users in the US, masquerades as fake adult-themed apps to infect unsuspecting Android users. Koler is not a new virus; the Koler family of ransomware has been around for the last 2-3 years. This particular strain of malware, which has been around since 2014, has been targeting pornographic websites since its beginning. The way the ransomware worked was very clever: it would lock people out of their devices and show them a police-themed warning demanding a fine for their adult content viewing habits. In the beginning, the ransom asked was usually a small amount, but the people behind the ransomware could still make big money. This is because no porn viewer would want to see such warnings on their phones or tablets, and most would be ready to pay the money to get out of the predicament.

Koler is now back and is targeting Android users; the tactic this time is much different. The developers of the ransomware display fake advertisements on websites with adult content. These advertisements, which would be for some PornHub application, lure users into downloading the application. The application contains the Koler ransomware payload, so installing it leads to the device getting infected. As soon as the Koler ransomware is downloaded and installed, it would attain root privileges. Once the ransomware gets root access, a ransom message might appear on top of the current screen. Though the tactic has changed, the ransom message seems to be almost the same as the one used on Windows. It would be a notice (of course a fake one) from the US Department of Justice, asking the user to pay a fine of $500 within three calendar days.

Note that previous versions of the Koler ransomware came with geo-targeting capabilities, so the ransom note can be shown in any language, based on the user’s location. Despite these geo-targeting capabilities, this time it has targeted only Android users in the US.

How to Protect Yourself from the Koler Ransomware…

Some very basic security measures need to be adopted to protect yourself from Koler ransomware or any similar ransomware that could infect your device. First of all, you need to be careful with the websites that you visit. Secondly, extreme caution needs to be exercised when downloading files or clicking on links from unknown sources or websites. Never download such files or click on such links. Thirdly, never download applications from unknown sources; always opt for apps from trusted developers and stores, like the Google Play Store. Finally, never forget to back up your data and to keep it updated on a periodic basis.

If Your Device is Infected…

In case you realize that your Android device is infected, the first thing that needs to be kept in mind is that it’s always advisable not to pay the ransom if there is a way out. You could always check for ways to get your files (which have been encrypted by the ransomware) decrypted for free. For example, in the case of Koler ransomware, you might be able to remove it by booting your device into Safe Mode, then removing the fake application’s administrator rights and finally deleting the app.

Rachel Weisz, 21 Posts

Rachel Weisz is a network security expert/analyst and is an author of many blogs/articles on internet security.
