Android ransomware, Koler, spread via SMS messages

Known as Koler, this Android malicious app takes over the screen of devices and extorts money from users with fake notifications from law enforcement agencies.

It has been updated so that it now is spread via text message spam. It was first noticed in May and was spread through porn wevsites under the guise of legitimate apps. The researchers from security firm AdaptiveMobile found that it now spreads through SMS messages that attempt to trick users into opening a shortened bit.ly URL.

Victims are asked to pay a “fine” using MoneyPak prepaid cards in order to regain control of their phones.

This newer version sends text messages to all of the users contacts with the message: “someone made a profile named -[the contact’s name]- and he uploaded some of your photos! is that you?” followed by a bit.ly URL.

Yicheng Zhou, a security analyst at AdaptiveMobile, said: “Due to the Worm.Koler’s SMS distribution mechanism, we are seeing a rapid spread of infected devices since the 19th of October, which we believe to be the original outbreak date. During this short period, we have detected several hundred phones that exhibit signs of infection, across multiple US carriers. In addition to this, other mobile operators worldwide—predominantly in the Middle East, have been affected by this malware.”

The best protection against ransomware threats like Koler is to have the “unknown sources” option turned off in the Android security settings menu. When this setting is disabled—and it typically is by default—users won’t be able to install applications that are not obtained from the official Google Play store.