Now, this is one ransomware that became nastier. Not only does it encrypt your phone's contents until you pay ransom, it also spreads via text messaging.
The new variant of Koler targets devices running Google's Android operating system and holds infected mobile phones hostage until a ransom is paid, AdaptiveMobile.com said.
"In this new variant of Koler (Worm.Koler) we found that it is now capable of self-replication via SMS messages which are sent to contacts in the address book of an infected device containing a bit.ly URL," it said.
Such a strategy appears to be an attempt by the malware writer to improve the infection rate over earlier versions, it said.
Koler was first observed last May when it was a Trojan distributed via pornographic websites. At the time, it would lock the victim’s mobile screen and demand money.
But AdaptiveMobile said the new version now sends itself as an SMS message to a prospective victim, claiming someone made an online profile supposedly containing the victim's photos.
It then provides a Bitly link that supposedly leads to that profile.
"When a potential victim clicks on the link, the user is redirected to a DropBox page that offers user to download a ‘PhotoViewer’ app. Once installed, it blocks user’s screen with a fake FBI page, which states the device has been blocked for containing child pornography and zoophilia. The user then has the option to ‘wa(i)ve the accusations’ and unlock the device by paying the 'fine' using a Money Pak Voucher," it said.
"The device appears to be completely locked down with the screen on the phone blocked, so the user won’t be able to close the window, or deactivate the malware through the app manager. The victim is forced to buy a voucher as instructed on the blocking page, and send the voucher code to a malware author," it added.
AdaptiveMobile said it has requested bit.ly to disable the link, and contacted Dropbox to remove the malware.
"We are also actively blocking the message on our customer networks. In the interim, however, if you receive the message you should not click on it, and report it to your operator," it said.
Meanwhile, it advised those whose devices were infected not to pay the ransom, "as it won’t guarantee the unlocking of your device, and it will further encourage criminals to participate in such ransom activity."
The Hacker News also suggested that users always have the "Unknown Sources" option turned off in their Android device security settings menu.
"Turning off this option won't let users install applications from unknown sources, but only from the official Google Play store," it said. — Joel Locsin/TJD/VC, GMA News