Pay a $300 fine or else your Android phone will be locked

by: William Neilson Jr, May 8, 2014

Android Ransomware Ars Technica

Ars Technica alerts us to research that has uncovered Android-based malware that disables infected handsets until users make a cash payment for their viewing of illegal pornography:

“The malware is automatically downloaded when people visit certain pornography sites using an Android phone. The sites then claim that the APK installs a video player used for premium access. To be infected, a user must change Android settings to allow out-of-market apps and then manually install the APK.”

Using the logo of the FBI and President Barack Obama, Android-Trojan.Koler.A uses a location function to tailor the warnings to whatever country you reside in. The malware prevents users from accessing the home screen of their phones, making it impossible to use most other apps installed on the phone.

In some cases, a phone can be restored only when you pay a so-called “fine” of about $300, using payment services such as Paysafecard or uKash that are incredibly difficult to trace. Thankfully, there is no evidence that the malware encrypts any files on a phone’s storage.

The malware has already claimed at least 68 victims in the past six hours:

  • 40 in the United Arab Emirates
  • 12 in the UK
  • 6 in Germany
  • 5 in the US
  • Others in Italy and Poland

Almost two years ago, Symantec found that malware extorts an estimated $5 million a year from users through devices that become unusable and often display logos of local law-enforcement agencies, along with warnings that the user has violated statutes involving child pornography or other serious offenses. The warnings then offer to unlock the computers if users pay a fine as high as $200 within 72 hours. The report identified at least 16 different ransomware versions spawned by competing malware gangs.

More recently, scammers have built strong cryptography into malware, known as Cryptolocker, that holds entire hard drives hostage until end users pay a Bitcoin ransom of around $300.

Ransomware Kiandra

These issues are another reminder that Android users are being targeted by malware and social engineering attacks.
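Because infection requires sideloading an out-of-market APK, one way to audit a handset is to list third-party packages whose recorded installer is not a trusted store. The script below is an added example, not code from the article or from Ars Technica; the package names and the `TRUSTED_INSTALLERS` variable are constructed for illustration, and the input is assumed to be saved output of `adb shell pm list packages -3 -i`.

```shell
#!/bin/sh
# Added example: flag third-party packages that did not come from a trusted store.
# Expected input, one package per line (output of: adb shell pm list packages -3 -i):
#   package:<name>  installer=<installer package, or null when sideloaded>

# Space-separated allowlist of installer packages (assumption: Google Play only).
TRUSTED_INSTALLERS="${TRUSTED_INSTALLERS:-com.android.vending}"

# Reads pm output on stdin, prints one untrusted-installer package per line.
flag_sideloaded() {
    # Older adb shells emit CRLF line endings; strip the CR before parsing.
    tr -d '\r' | while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            package:*) ;;
            *) continue ;;          # skip warnings and blank lines
        esac
        rest=${line#package:}
        pkg=${rest%% *}             # package name ends at the first space
        installer=null              # no installer field is treated as sideloaded
        case "$rest" in
            *installer=*) installer=${rest##*installer=} ;;
        esac
        trusted=no
        for t in $TRUSTED_INSTALLERS; do
            if [ "$installer" = "$t" ]; then trusted=yes; fi
        done
        if [ "$trusted" = no ]; then printf '%s\n' "$pkg"; fi
    done
    return 0
}

# Constructed sample input (not taken from a real device or from the malware).
sample_pm_output() {
    printf 'package:com.example.notes  installer=com.android.vending\r\n'
    printf 'package:com.example.premiumplayer  installer=null\r\n'
    printf 'package:com.example.otherstore.app  installer=com.example.otherstore\r\n'
    printf 'package:com.example.game  installer=com.android.vending\n'
}

sample_pm_output | flag_sideloaded
```

A flagged package is not necessarily malicious; it only means the install did not go through an allowlisted store and deserves a closer look.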


  • MasterMuffin

    How did they know!? *Cough* *cough* I mean yea, just malware, nothing to worry about *cough*…

    • Gab Tab

      It means that they also fell victim to these malware….Wait a sec, it’s only on porn webs. Sooooo, we now know what William Neilson has been up to in his free time.

      • MasterMuffin

        “Ars Technica” sure sure :D

  • Moose

    If you’re dumb enough to install an untrusted apk from a porn site, you deserve to be extorted.

    • Annie

      Unless you were just trusting enough to let your 15 year old brother use your phone, like I did.

  • Mayoo

    When someone comes to your door claiming they are FBI what is the first reaction? Confirm their identity? I thought so.

    People need some serious internet training and/or to grow a brain.

    • Simos Katsiaris

      a friend that uses computers for 20 years just asked me… how do you drag and drop in the new windows…. people never learn if they are bored to read and most users are bored reading

      • bob

        Lol what. no..

        • Simos Katsiaris

          sorry man, it’s the truth

    • David Gabel

      Which is why I feel it’s not the tech community’s responsibility to change things because a few idiots refuse to RTFM or attempt to educate themselves on how it works. A good example is security. If a person is too lazy or stupid to use a real password and not something like “P@$$w0rd!!” for their password on every site they go, including banking, then that’s their own fault. Stop coddling the weakest links..

      • mustbepbs

        P@$$w0rd!! seems pretty secure to me. It would take a brute force attack a very, very long time to crack that.

    • districtjack

      This kind of malware targets old people who have just purchased their first internet capable device. Believe it or not, there are people in their 50’s that still do not own a computer or even a basic cellphone.

  • Naman Sood

    Just asking, how difficult would it be to swipe down, open the flip settings, then tap on Settings and uninstall it from the Apps menu?

    • bob

      Not difficult. You just need a tiny bit of brains.

    • Akash

      You can’t do that if you have a secure login…

      • Naman Sood

        Secure login? You mean patterns and such? You need to get past that to open the FBI thing…

      • Aditya Bhatt

        Lol bullshit

    • John

      I’m only reading this because it just happened to me and I tried this. It doesn’t open. It doesn’t even let you turn off your phone. You have to take the battery out. I was like “DUDE THE ACTORS ARE OVER 18 WHAT THE FUCK I DIDN’T KNOW IT’S NOT MY FAULT PORNHUB POSTED AN ILLEGAL VIDEO. THE VIEWER DON’T KNOW ANYTHING ABOUT THE PEOPLE THEY’RE WATCHING HAVING SEX!”

  • Josh Johnson

    This is why a nandroid backup is so helpful. I’d reboot into recovery and be done with it. Nice try

    • KingofPing

      status-bar pulldown – jump to settings, uninstall app.


      • MasterMuffin

        That’s way too complicated

        • KingofPing

          Heh…for most users – that is sadly true. I know many folks who would look at me as though I had been speaking Farsi if I told them to do that…

          Apparently the “app” is also called “” in settings-apps. (Not that I’d have any reason for knowing this, mind you…)

          • MasterMuffin

            I know 2 people who can uninstall apps from other place than launcher :/

            You got it for research purposes, right? ;D

          • KingofPing

            You could say that…

            …it’s amazing how hard the APK is to find “legitimately” (Searching by the name of the “malware” and “apk”).

          • MasterMuffin

            No respectable web page shares malware!

          • KingofPing

            pfft….respectable web sites are so mundane.

          • 2wert

            Have been trying to find Android Malware for months, to decompile it, but couldn’t find anything except Adware.
            All those Articles “Malware problem on Android” etc. are from AV Software companies ;)

      • Bjajjull

        I read on another website that it goes back to the virus after five seconds, so you got five seconds to uninstall

        • KingofPing

          Plenty of time. If you’re in settings and it kicks you back…”recents” is a wonderful softkey. :)

      • Annie

        I’m reading all these comments and obviously nobody on here has had this happen. I checked my phone this morning and this carp is there. It locks your phone. No status bar, no settings, none of that. You can’t access anything, can’t get into your settings, can’t reboot the phone. You can’t do any of the carp people are suggesting.
        I let my brother use my phone for one day because his died, as in he dropped it in the sink. All these comments are basically saying that if you don’t know how to fix it you’re stupid, but this thing locks your phone, making it impossible to do any of the things you guys are suggesting.

  • Corey Watford

    If you visit those kinds of sites in the first place, you deserve this kind of scareware

    • Mista_Mr

      Whatever dude you know you were visiting those asian porn sites.

      • kcocymkcus

        vomiting asian babes , not good.

      • chaki-

        It takes one to know one :D

        • Mista_Mr

          Me likes it long time!!

    • KingofPing

      Hmmm…your judgmental false moral superiority is showing. You might want to have that looked at.

    • Phil Rigby

      No you don’t. Just because it’s against your morals, or the law in one particular country, doesn’t necessarily make it wrong everywhere. People have free will, that’s still allowed. Not for much longer, but for right now it is.

  • Mr james bunt

    What more do NSA want from us ? What we do everyday, what time we sleep or what is my favorite food ?

    • bob

      It’s fake

  • mike

    Should say you are accused of being a dumbass and by downloading this malware you have now confirmed it lol

    • Phil Rigby

      True dat.

  • KingofPing

    That quote is crap.

    It cannot be “automatically downloaded” if the user must “change android settings” and “manually install an apk”.

    Typical scare-mongering. Nothing to see here….

  • BozzyB

    By now Google should know about this. Google Services will uninstall it automatically with the next scan if any other devices are infected. 68 victims… out of Millions.. smh

  • Ryu

    Nothing special about this. Normal malware creators manipulating the non tech-savvy people just like always.

    That is a OnePlus One screenshot, I’m guessing, too.

    • David Gabel

      No. The OnePlus One has capacitive buttons just like its Oppo Find series brethren do. That button layout is either a Nexus or running a custom ROM with on screen keys.

      • Ryu

        The OPO has an option to turn on or off on screen buttons.

        It’s basically been shown in every OPO video…

        • David Gabel

          Intriguing. Though considering it’s running CM11, it’s not a huge surprise. And, I like the on screen keys.

          • Ryu

            Yeah, it has lots of things you normally have to root and install a ROM for.

            I like on screen keys as well.

  • SeraZR™

    Thou has arrived *_*


  • Aditya Bhatt

    Worst case scenario, just do a factory reset dumbasses !

    • Annie

      Except for the part where you can’t access anything. Wtf is wrong with you people? Can’t you read? It locks your f***ing phone!! I have been trying to factory reset for the last thirty minutes. And all because my brother’s an a**hole!! This thing won’t let me access the settings, as somebody so helpfully suggested, or the status bar as somebody else suggested. It won’t let you do anything.

      • Corey Watford

        Power down, boot into recovery and factory reset if you can’t uninstall it via status bar

      • Aditya Bhatt

        You don’t need to access your phone’s settings to do a reset always. You can boot into recovery mode of your phone and just select the option wipe data or factory reset.

  • mustbepbs

    Here will be some fodder for anti-Android advocates to throw around, touting how “secure” iOS is like they used to for OSX before hackers put them and Steve Jobs in their places.

    It’s not that any platform is inherently more “secure”, it’s that some platforms garner a much larger user base than others, thus making it a more tantalizing target for hackers and malicious software developers to try to rip off the larger slice of the pie. Why fish in the small pond when you can fish in the ocean?

  • Chirag Jain

    such malware ,much fun, send to others
    well i got su madafaka, malware i want you to meet the terminal( your terminator)

  • AJV

    Android sucks long live Apple 

  • hzd

    Wow, some people are so dumb.

    Power down, boot into recovery and factory reset if you can’t uninstall it via status bar

  • justin

    read the article if you want a little more proof that it is in fact a scam.