An active malware known as Koler had been spotted in United States. This new kind of Android ransomware blackmails the user of the infected handset by blocking the screen and putting up a fake law notification page that says the user must pay a ‘fine’ to unlock his phone.
It had first circulated in May 2014 on Android phones, then in July, versions for PC had also surfaced. In October, the newest of its kind is able to self replicate and infect those in the contacts list of the phone by sending them an SMS. The creator of the malware seemed to be dedicated in multiplying his victims faster than the previous versions that was believed to be connected to certain porn sites.
The infection starts when someone receives an infected test message from someone they know. The text says that someone had uploaded his photos accompanied by a URL http://bit.ly/xxxxxx. The message end with a hooking question ‘Is that you?’.
The same message had been used in Facebook earlier in 2014. Many had been fooled and was hooked by the message with piqued curiosity. When the unsuspecting victim clicks the accompanying link, a dropbox page will appear asking the victim to download and save an app called PhotoViewer. As soon as it is installed, a fake FBI page will block the handset’s screen stating that the phone was detected to be involved with child pornography and zoophilia. The victim will be given a chance to waive the accusation by paying a fine through Money Pak Voucher.
On October 19th, several hundred phones had been detected to have the Android ransomware attack. The user won’t be able to close the window nor delete the app as the phone had been blocked by the malware. They would be forced to purchase the voucher and send the code to the malware author, however, this does not guarantee the unlocking of the phone. Reference: adaptivemobile