united-states-ransomware-614x1024There’s a new malware in town, and it’s preying on Android porn viewers. If you’ve been to a porn site or malicious sites on your PC or Anroid device, this scenario will sound all too familiar:

As the user browses, an application that claims to be a video player used for premium access to pornography downloads automatically. Unlike the Windows-based Reveton that is delivered via zero-interaction exploits, Koler.A still requires the user to enable sideloading and manually install the application.

Once in, the Trojan launches a browser on top of the Home screen and briefly displays a logo of the player it impersonates…

Once in control of your device, the trojan is able to take control of your smartphone browser. The malware then bait users into paying $300 in bitcoins for their personal data even though the virus may not have permission to touch your personal data. It’s digital extortion, but you can avoid it by not downloading software outside of official app stores. If you do, there are steps to removing the ransomware:

The Trojan disables the back button, but still lets you briefly return to the Home screen. After you press the Home screen, you have five seconds to uninstall the APK before a timer brings the malicious application back to the foreground. This goes on every five seconds until you pay the ransom.

Although the message claims the stored data is encrypted, the application does not have the permissions it needs to touch files; it’s a lie to push users into paying the $300 ransom.

The bad news is that, by the time you see the message, the bad guys already have your IMEI on file. The good news is that Koler.A can be easily removed by either pressing the home screen  and navigating to the app, then dragging it on the top of the screen where the uninstall control is located, or by booting the device in safe mode and then uninstalling the app.

 

united-states-ransomware-614x1024

We suggest you read the whole story about Android ransomware on Bitdefender’s lab blog.