Pay a $300 fine or else your Android phone will be locked

May 8, 2014

Android Ransomware Ars Technica

Ars Technica alerts us to researchĀ that has uncovered Android-based malware that disables infected handsets until theĀ users pay a cash payment to for theirĀ viewing of illegal pornography:

“The malwareĀ is automatically downloaded when people visit certain pornography sites using an Android phone. The sites then claim that the APK installs a video player used for premium access. To be infected, a user must change Android settings to allow out-of-market apps and then manually install the APK.”

Using the logo of the FBI and President Barack Obama, Android-Trojan.Koler.A uses aĀ location function to tailor the warnings to whatever country that youĀ reside in. The malware prevents users from accessing the home screen of their phones, making it impossible to use most other apps installed on the phone.

In some cases, a phone can be restored only when youĀ pay a so-called “fine” of about $300, using payment servicesĀ such as Paysafecard or uKash that are incredibly difficult to trace. Thankfully, there is no evidence that the malware encrypts any files on a phone’s storage.

The malwareĀ has already claimed at least 68 victims in the past six hours:

  • 40 in the United Arab Emirates
  • 12 in the UK, six in Germany
  • 5 in the US
  • Others in Italy and Poland

Almost two years ago,Ā Symantec found that malwareĀ extorts an estimated $5 million a year from users through devices thatĀ become unusable and often display logos of local law-enforcement agencies, along with warnings that the user has violated statutes involving child pornography or other serious offenses. The warnings then offer to unlock the computers if users pay a fine as high as $200 within 72 hours.Ā The report identified at least 16 different ransomware versions spawned by competing malware gangs.

More recently, scammers have builtĀ strong cryptography into malware, known as Cryptolocker, that holds entire hard drives hostage until end users pay a Bitcoin ransom of around $300.

Ransomware Kiandra

These issues areĀ another reminder that Android users are being targeted by the malware and social engineering attacks.