Android Ransomware Ars Technica

Ars Technica alerts us to research that has uncovered Android-based malware that disables infected handsets until the users pay a cash payment to for their viewing of illegal pornography:

“The malware is automatically downloaded when people visit certain pornography sites using an Android phone. The sites then claim that the APK installs a video player used for premium access. To be infected, a user must change Android settings to allow out-of-market apps and then manually install the APK.”

Using the logo of the FBI and President Barack Obama, Android-Trojan.Koler.A uses a location function to tailor the warnings to whatever country that you reside in. The malware prevents users from accessing the home screen of their phones, making it impossible to use most other apps installed on the phone.

In some cases, a phone can be restored only when you pay a so-called “fine” of about $300, using payment services such as Paysafecard or uKash that are incredibly difficult to trace. Thankfully, there is no evidence that the malware encrypts any files on a phone’s storage.

The malware has already claimed at least 68 victims in the past six hours:

  • 40 in the United Arab Emirates
  • 12 in the UK, six in Germany
  • 5 in the US
  • Others in Italy and Poland

Almost two years ago, Symantec found that malware extorts an estimated $5 million a year from users through devices that become unusable and often display logos of local law-enforcement agencies, along with warnings that the user has violated statutes involving child pornography or other serious offenses. The warnings then offer to unlock the computers if users pay a fine as high as $200 within 72 hours. The report identified at least 16 different ransomware versions spawned by competing malware gangs.

More recently, scammers have built strong cryptography into malware, known as Cryptolocker, that holds entire hard drives hostage until end users pay a Bitcoin ransom of around $300.

Ransomware Kiandra

These issues are another reminder that Android users are being targeted by the malware and social engineering attacks.


Read comments