Advertisement
Advertisement

Terrifying police ransomware porn scam locks Android phones and demands $300

James Temperton
8 May 2014
Koler Android ransomware
Advertisement

Android scam asks people to pay up after viewing illegal pornography

If you peep at porn on your Android phone or tablet you could soon be infected by a nasty piece of ransomware.

People browsing malicious porn websites are being tricked into installing an application that claims to be a "premium" video player. Once installed, the ransomware displays a warning message explaining that a person has looked at "banned pornography".

The warning is different depending on where the infected phone is, with a US version featuring the American flag and Barack Obama and a UK version including images of a policeman and the Queen.

While it demands a $300 (£177) ransom to unlock the phone, the ransomware doesn't have such capabilities. Unlike well-known PC ransomware such as Cryptolocker this Android variant doesn't have permissions on the device that allow it to encrypt files.

"Although the message claims the stored data is encrypted, the application does not have the permissions it needs to touch files; it’s a lie to push users into paying the ransom," said Catalin Cosoi, chief security strategist at antivirus firm Bitdefender.

The ransomware, known as Android.Trojan.Koler.A, disables the phone's back button but still allows a user to return to the home screen. After five seconds the warning screen will reappear, making it impossible to use the phone. The ransomware is also able to steal an infected phone's IMEI number, which is then sent to the hackers.

Infected devices can be fixed by either uninstalling the app that displays the ransom message or by rebooting the phone or tablet in safe mode.

Cosoi said that while this first piece of Android ransomware might be quite basic, it is likely to be a test run for more advanced attacks:

“If this is the case, we should expect much more sophisticated strains of ransomware, possibly capable of encrypting files, to emerge shortly," he warned.

Read more

News