Fake Pornography App Infecting Devices with Android Ransomware

Lukas Stefanko, a researcher at ESET security, recently discovered a ransomware that goes by the name of Koler to be affecting Android users based in the US through adult-themed websites and a fake PornHub app.

Not a new threat

The ransomware is not new, and according to BleepingComputer, it appeared on the scene in 2014. This was the time when developers of the Reveton virus decided to find a way to hack Android devices with a variant of Reveton.

Reveton, as you may know, was a ransomware that targeted Windows and once it was executed, it locked out the victims from their systems and displayed a lock-screen as such. The ransomware was being advertised through Russian-speaking hacking forums.

The latest Koler ransomware is a similar ransomware that locks users out of their systems and displays a message that is seemingly from the FBI, asking people to pay a fine as a penalty for visiting pornographic websites.

Android Ransomware Infecting Devices with Fake Pornography Apps
Image Credit: LukasStefank/Twitter

How does it work?

The ransomware works by advertising PornHub apps on pornographic or adult websites and users who are curious to view such content, are tempted to install the app on their phones.

Users who have phones in which third-party app installation is enabled will automatically allow the app to download. They would see a message prompting the user to click the “Continue” option for the installation to proceed further.

As soon as the user allows the app to be installed, the ransomware will be activated and hijack the victim’s phone. The ransomware will gain admin rights and will display a lock screen asking the user to pay a certain amount of fine.

How to remove the virus?

The ransomware can only be removed by rebooting your device in Safe Mode. After you have rebooted your device, the admin rights of the ransomware need to be removed and the app uninstalled.

US users, the only victims

Up till now, there have been no reports of the virus attacking users in other countries, and it has only been the US, that has been attacked. This is possible because the message displayed on the lock-screen is seemingly from the FBI.

Android under threat

Unlike its iOS counterpart, Android seems to have become a more common victim of ransomware attacks, particularly after the WannaCry incident.

In fact, just recently, an adware campaign targeted Android users through an Android Package that appeared to be a cleaner app. Once installed, the app would keep displaying ads on your phone’s home screen.

Furthermore, there have been a number of anti-virus apps that are in reality, malware and trick the users into downloading the app, promising protection from the WannaCry ransomware. Stay safe online!

DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.

Related Posts