Koler Ransomware Extorts Money from Users

Hands up! Law enforcement agencies want you to pay for your crimes—but wait, what crimes did you commit?

While your record may be squeaky clean, this malicious Android app sure isn’t, and its makers are doing everything they can to extort money from consumers. I’ve discussed mobile apps that attempt to steal money from users before; however, the particular piece of ransomware up for discussion today is a different beast entirely.

Known as Koler, this Trojan takes over a user’s device and prompts him or her with fake notifications from various law enforcement agencies, attempting to trick the user into paying for his or her “crimes.”

Koler has been on researchers’ radars since May. However, the discovery of new variants in October revealed an added component that allows Koler to spread from phone to phone through text messages, bringing a new dimension to the ransomware.

Once Koler is installed on a mobile device, it will open a persistent window that covers the entire screen and displays a message from local law enforcement agencies, accusing users of indulging in child pornography—a very heavy allegation. The ransomware requires victims to pay a fine using prepaid MoneyPak cards before they can regain control of their phone and get rid of the notification window.

Koler is able to display localized ransomware messages in more than 30 countries, including the U.S. In order to spread to more mobile devices, Koler will send a text message to every contact in the address book of an infected phone. This message displays a shortened bit.ly URL linking to an Android application package file, IMG_7821.apk, hosted on Dropbox. If the recipient of this text installs the app, he or she will also unknowingly install Koler and become vulnerable to the scam.
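The propagation described above (one phone texting the same shortened link to every contact, with the link leading to an APK) leaves a recognizable fan-out pattern in SMS logs. The detection sketch below is an added example, not code from the original post or from McAfee; the log records, the resolved-URL map, the thresholds and all function names are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

SHORTENERS = {"bit.ly"}  # the post names bit.ly; other shorteners are left to the reader
URL_RE = re.compile(r"https?://\S+", re.I)

# Constructed sample log: (epoch_seconds, sender, recipient, body)
SAMPLE_SMS = [
    (1000, "+15550001", "+15550101", "look at this http://bit.ly/CONSTRUCTED1"),
    (1002, "+15550001", "+15550102", "look at this http://bit.ly/CONSTRUCTED1"),
    (1004, "+15550001", "+15550103", "look at this http://bit.ly/CONSTRUCTED1"),
    (1006, "+15550001", "+15550104", "look at this http://bit.ly/CONSTRUCTED1"),
    (2000, "+15550002", "+15550101", "weekly offer: http://bit.ly/CONSTRUCTED2."),
    (2001, "+15550002", "+15550102", "weekly offer: http://bit.ly/CONSTRUCTED2."),
    (2002, "+15550002", "+15550103", "weekly offer: http://bit.ly/CONSTRUCTED2."),
    (3000, "+15550003", "+15550101", "my build: http://bit.ly/CONSTRUCTED3"),
]
# Constructed redirect results (short URL -> final URL), so the example runs offline.
SAMPLE_RESOLVED = {
    "http://bit.ly/CONSTRUCTED1": "https://files.example.test/s/abc/IMG_7821.apk",
    "http://bit.ly/CONSTRUCTED2": "https://news.example.test/offer.html",
    "http://bit.ly/CONSTRUCTED3": "https://files.example.test/s/def/build.apk",
}

def shortened_links(body):
    """Return URLs in an SMS body whose host is a known URL shortener."""
    urls = (u.rstrip(".,)!?") for u in URL_RE.findall(body))
    return [u for u in urls if (urlparse(u).hostname or "").lower() in SHORTENERS]

def points_to_apk(url, resolved):
    """True if the short URL's final destination path ends in .apk."""
    final = resolved.get(url)
    return bool(final) and urlparse(final).path.lower().endswith(".apk")

def find_fanout(records, resolved, min_recipients=3, window=300):
    """Flag senders that text one shortened APK link to many contacts in a burst."""
    sends = defaultdict(list)  # (sender, url) -> [(timestamp, recipient)]
    for ts, sender, recipient, body in records:
        for url in shortened_links(body):
            sends[(sender, url)].append((ts, recipient))
    alerts = []
    for (sender, url), hits in sends.items():
        hits.sort()
        # Largest number of distinct recipients reached within any `window` seconds.
        best = max(len({r for t, r in hits[i:] if t - s <= window})
                   for i, (s, _) in enumerate(hits))
        if best >= min_recipients and points_to_apk(url, resolved):
            alerts.append((sender, url, best))
    return sorted(alerts)
```

On the constructed log, only the first sender is flagged: the newsletter burst does not lead to an APK, and the single APK link never fans out.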

This ransomware is extremely difficult to uninstall as the window it opens encompasses the entire screen, making navigation impossible. Therefore, a user must reboot the device in safe mode before Koler can be successfully uninstalled.

With malware such as Koler rapidly spreading across mobile devices, it’s extremely important for users to put an emphasis on the security of their phones. Here are a few quick tips that you can implement to protect against ransomware such as Koler:

  • Be sure the “unknown sources” option on your Android device is turned off. In the Android security settings menu, there is an option for users to install apps from sources outside of Google Play. When this setting is turned off, the device will not allow mobile apps from unofficial stores to be installed. Since the majority of malicious apps come from third-party app stores, it’s a good idea to keep this setting off—permanently.
  • Don’t download files or click on unknown links. A good rule of thumb to remember is if something looks out of place or comes from someone unfamiliar, it should not be opened on your phone.
  • Take an active role in securing your mobile device. Although having security software installed on your device is an essential part of protecting your privacy, it is important that users be aware and take proper measures to avoid infection. McAfee® Mobile Security is free for both Android and iOS, and offers a variety of protections, including ones to help avoid ransomware like Koler for Android users.



The post Koler Ransomware Extorts Money from Users appeared first on McAfee Blogs.