In May this year, we reported on an Android ransomware Trojan dubbed Koler. It poses as a legitimate app, then takes over the device screen to display fake alerts purporting to come from law enforcement agencies around the world, such as the FBI in the United States, and demands payment.
Researchers have now found that Koler's developers have updated the Trojan to spread further via spam text messages. The updated Koler sends the spam message to every contact whose mobile number is stored on the compromised phone.
The message contains a bit.ly URL that redirects to an application package hosted in a Dropbox account. Once installed on a computer or mobile device, the package locks the machine and demands payment of a set amount for the key to unlock it.
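The propagation pattern just described, a shortened link that redirects to an Android package on a file-sharing host, is something a defender can screen for in SMS logs or a mobile security gateway. The following Python is an added example, not code from the original article or from the researchers it cites. The shortener and file-host lists, the redirect map standing in for a live HTTP resolver, and the sample messages are all constructed for offline illustration; the bit.ly paths used are placeholders, not real Koler links.

```python
"""Flag SMS text whose links resolve to an APK download via a URL shortener.

Added example (not from the article). Everything marked "constructed" below
is an assumption made so the script runs offline.
"""
import re
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed watch-lists: adjust to the shorteners and file hosts you see.
SHORTENER_HOSTS = {"bit.ly", "goo.gl", "tinyurl.com", "t.co"}
FILE_HOSTS = {"dropbox.com", "dl.dropboxusercontent.com"}

# Constructed redirect map; in production replace resolve_offline with a
# function that follows HTTP redirects (e.g. a HEAD request) in a sandbox.
FAKE_REDIRECTS = {
    "http://bit.ly/placeholder1": "https://www.dropbox.com/s/abc/PhotoViewer.apk?dl=1",
    "http://bit.ly/placeholder2": "https://example.org/article",
}


def resolve_offline(url):
    """Return the final URL for a shortened link using the constructed map."""
    return FAKE_REDIRECTS.get(url, url)


def host_of(url):
    """Lower-cased hostname with a leading 'www.' removed."""
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def triage_sms(text, resolve=resolve_offline):
    """Return [(original_url, final_url, reasons)] for each link in the message.

    reasons is a list drawn from 'shortened-url', 'apk-download' and
    'file-sharing-host', in that order, so callers can weight them.
    """
    findings = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,!?)")          # drop trailing punctuation
        reasons = []
        if host_of(url) in SHORTENER_HOSTS:
            reasons.append("shortened-url")
        final = resolve(url)
        if urlparse(final).path.lower().endswith(".apk"):
            reasons.append("apk-download")
        if host_of(final) in FILE_HOSTS:
            reasons.append("file-sharing-host")
        if reasons:
            findings.append((url, final, reasons))
    return findings


def is_suspicious(text, resolve=resolve_offline):
    """True when any link in the message resolves to an APK download."""
    return any("apk-download" in r for _, _, r in triage_sms(text, resolve))


if __name__ == "__main__":
    # Constructed sample messages, not real Koler lure text.
    for msg in ("check this http://bit.ly/placeholder1.",
                "read this http://bit.ly/placeholder2",
                "no links here"):
        print(is_suspicious(msg), triage_sms(msg))
```

The shortener check alone is a weak signal (many legitimate messages use bit.ly), so the function reports reasons separately and only `is_suspicious` treats the resolved `.apk` as decisive; pair it with blocking installation from unknown sources on the handset itself.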
As a result, Koler's spread has grown exponentially as many unsuspecting users fell for the trap and clicked the malicious link. In mid-October, security researchers at AdaptiveMobile, who have been monitoring the Trojan closely, observed an outbreak of Koler. Early indications suggested that hundreds of mobile devices were infected during that period, on various U.S. carriers including Verizon, AT&T, Sprint and T-Mobile.
At the outset of the Koler Trojan, the ransomware was circulating through porn sites and users were lured into downloading and installing it since it was operating under the pretense that it was a legit app.
The ransomware works by launching a persistent window that covers the entire device display and shows a fake message from a supposed law enforcement agency, warning that child pornographic material has been found on the infected device. The malware then demands that the victim pay a fine for the alleged crime.
Users who have fallen victim to the Koler ransomware come from many countries in various continents and regions globally.
Here's how you can counter the Trojan. Disable the option to install apps from unknown sources in your Android security settings. Malicious apps most often come from third-party app stores, which means they have not been vetted by the scanner in Google's Play Store.
Removing Koler once it is installed is harder, because it is a persistent attack and uninstalling it can require more involved steps. Rebooting the device into safe mode lets you uninstall it.