If you think the usual ransomware is bad enough, you had better watch out for this one, which has just become even nastier. In addition to its ability to encrypt your phone’s contents until you pay the ransom, it now spreads via text messaging.
According to AdaptiveMobile, this new variant of Koler targets devices running Google’s Android operating system and holds infected phones hostage until a ransom is paid.
AdaptiveMobile also added that the variant is now capable of self-replicating through SMS messages. It sends a message containing a bit.ly URL to the contacts found in the address book of an infected device.
This strategy is apparently an attempt by the malware’s creators to improve the rate of infection over earlier versions of the ransomware.
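A gateway-side check for the spreading behaviour described above, as an added example that is not from AdaptiveMobile or the original article: it flags a sender that texts the same bit.ly link to several distinct recipients within a short window. The record format, thresholds, phone numbers and links are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed shortener list; the article names only bit.ly.
SHORTENERS = {"bit.ly"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def short_links(body):
    """Return the set of shortener URLs found in an SMS body."""
    found = set()
    for url in URL_RE.findall(body):
        url = url.rstrip(".,!?)")  # drop trailing sentence punctuation
        host = (urlsplit(url).hostname or "").lower()
        if host in SHORTENERS:
            found.add(url)
    return found

def find_sms_fanout(records, min_recipients=3, window_s=600):
    """Flag (sender, url) pairs where one sender texts the same short link
    to at least min_recipients distinct numbers within window_s seconds.
    records: iterable of (unix_ts, sender, recipient, body).
    Thresholds are illustrative assumptions, not values from the report."""
    seen = defaultdict(list)  # (sender, url) -> [(ts, recipient)]
    for ts, sender, recipient, body in records:
        for url in short_links(body):
            seen[(sender, url)].append((ts, recipient))
    alerts = []
    for (sender, url), hits in seen.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans <= window_s.
            while hits[end][0] - hits[start][0] > window_s:
                start += 1
            recipients = {r for _, r in hits[start:end + 1]}
            if len(recipients) >= min_recipients:
                alerts.append((sender, url, len(recipients)))
                break
    return sorted(alerts)

# Constructed sample log: numbers and links are placeholders, not real IoCs.
SAMPLE = [
    (1000, "+15550001", "+15550002", "check this profile http://bit.ly/EXAMPLE1"),
    (1005, "+15550001", "+15550003", "check this profile http://bit.ly/EXAMPLE1"),
    (1010, "+15550001", "+15550004", "check this profile http://bit.ly/EXAMPLE1"),
    (1020, "+15550009", "+15550002", "lunch? menu at http://bit.ly/EXAMPLE2"),
    (9000, "+15550009", "+15550003", "lunch? menu at http://bit.ly/EXAMPLE2"),
]

if __name__ == "__main__":
    for alert in find_sms_fanout(SAMPLE):
        print("possible SMS worm fan-out:", alert)
```
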
Koler was first observed last May, when it was distributed as a Trojan via pornographic sites; it would lock the screen of the victim’s mobile phone and start to demand money from the user.
The text message then provides a Bitly link and suggests that the user access a certain profile that concerns them.
When a potential victim clicks on the link, they are redirected to a Dropbox page. That page, in turn, offers a ‘PhotoViewer’ app for download that, when successfully installed, blocks the user’s screen with a fake FBI page. This fake FBI page then states that the device is blocked because it contains zoophilia and child pornography.
After that, the user is given the option to ‘wa(i)ve the accusations’ by paying a fine using a MoneyPak voucher before the device is unlocked.
Since the phone is completely locked down with the screen blocked, users are not able to close the window or deactivate the malware through the app manager settings, and victims have no choice but to buy the voucher as instructed on the blocking page. The voucher code is then sent to the malware writer.
AdaptiveMobile.com reminds users not to click the link if they receive one. Those whose devices are already infected are advised not to pay the ransom, since paying would only encourage criminals to take part in such acts and would not guarantee that the infected device is unlocked. Reference: adaptivemobile