New Koler ransomware, spreading via SMS

oneeye

Jul 14, 2014
The security firm AdaptiveMobile has discovered that a new variant of Koler ransomware is capable of self-replication via SMS messages.
A new strain of the Koler Android ransomware is threatening the mobile industry; the new variant spreads itself via SMS and holds the victim’s device hostage until a ransom is paid.

The Koler ransomware was detected by experts at Kaspersky Lab in July; the researchers issued a report on the malware explaining that it was targeting both Android devices and desktop browsers.

The first variant of the Koler Android ransomware was observed in May when the Trojan was spread through certain pornographic websites under the guise of legitimate apps.

Implementing a classic extortion scheme, it locks the victim’s device display and then requests money from victims. The malware displays fake notifications from law enforcement agencies that accuse victims of viewing and storing child pornography.

Security experts from mobile security firm AdaptiveMobile have discovered a new variant of the mobile malware Worm.Koler that allows the malicious code to spread via SMS, sending a shortened bit.ly URL.



The security firm has already observed thousands of messages from hundreds of infected phones, mainly located in the US.

“the Android malware Koler, which now spreads by text message and holds infected users’ phones hostage until a “ransom” is paid. AdaptiveMobile detected the emergence of the worm on October 19th, and has blocked thousands of messages from hundreds of infected phones. The attack is occurring worldwide, but the majority of the infected phones are in the United States.” states the blog post published by the company.



The attack scenario is very interesting: the Koler worm sends an SMS message with a Bitly link stating that an account with the user’s photos has been created. To spread itself, the Koler worm first sends an SMS message to all contacts in the mobile’s address book with a text stating:

“Someone made a profile named -[the contact's name]- and he uploaded some of your photos! is that you?” followed by a Bitly link.

The victim is redirected to a Dropbox folder containing a “PhotoViewer” app trojanized with the malware. Once installed, the malicious app locks the victim’s device, requesting the payment of a fee to unlock it.

There are lots of articles about this new strain of ransomware being spread by SMS text messaging. And the maps show the USA as the most infected right now, but it is spreading worldwide. It still can be deleted by entering safe mode and uninstalling the photo viewing app. There is another strain installing a flash player as a device administrator, so with that one, be sure to go to settings, security, and under device admin, uncheck flash, then back to apps, all, and uninstall it. There are probably going to be more versions with different types of apps, but so far, if you know what to do, it is easily defeated! So, as always, keep your setting off for installing apps from unknown sources.

Also, Malwarebytes mobile beta just went stable a few days ago, and they now block SMS files containing malware. And other upgrades in version 1.05.0.9000 are available in the Play Store now.

Looks like MalwareTips is growing by leaps and bounds! Congrats!!!
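
As an added example (not part of the original post and not any vendor's code), here is one way a defender could flag the spreading pattern described above in an SMS log: one sender pushing the same lure template with a bit.ly link to many contacts. The log tuples, phone numbers, links and the recipient threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Patterns built from the message text quoted in the post above.
SHORT_LINK = re.compile(r"https?://bit\.ly/\S+", re.IGNORECASE)
LURE = re.compile(
    r"someone made a profile named\s+(?P<name>.+?)\s+"
    r"and he uploaded some of your photos",
    re.IGNORECASE,
)

def template_of(body):
    """Reduce a message to its template: mask the link and the contact name."""
    text = " ".join(body.lower().split())
    text = SHORT_LINK.sub("<URL>", text)
    m = LURE.search(text)
    if m:
        text = text[:m.start("name")] + "<NAME>" + text[m.end("name"):]
    return text

def find_worm_senders(messages, min_recipients=3):
    """Return {sender: (recipient_count, matches_lure)} for senders that push
    one link-bearing template to at least min_recipients distinct numbers."""
    fanout = defaultdict(set)
    for sender, recipient, body in messages:
        if SHORT_LINK.search(body):
            fanout[(sender, template_of(body))].add(recipient)
    flagged = {}
    for (sender, template), recipients in fanout.items():
        if len(recipients) >= min_recipients:
            flagged[sender] = (len(recipients), bool(LURE.search(template)))
    return flagged

# Constructed sample log: (sender, recipient, body). Numbers and links are fake.
LURE_TEXT = ("Someone made a profile named -{}- and he uploaded some of your "
             "photos! is that you? http://bit.ly/{}")
SAMPLE = [
    ("+15550100", "+15550111", LURE_TEXT.format("Dana", "XXXXXXX")),
    ("+15550100", "+15550112", LURE_TEXT.format("Lee", "XXXXXXX")),
    ("+15550100", "+15550113", LURE_TEXT.format("Sam", "ZZZZZZZ")),
    ("+15550101", "+15550111", "Running late, see you at 6"),
    ("+15550102", "+15550114", "Menu for tonight http://bit.ly/YYYYYYY"),
]

if __name__ == "__main__":
    for sender, (count, lure) in find_worm_senders(SAMPLE).items():
        print(sender, "recipients:", count, "known lure:", lure)
```

Masking the name and the link before grouping is what lets the per-contact variations collapse into one template, so the fan-out count reflects the worm's behaviour rather than each individual message.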
 