How to Stop Koler Android Ransomware from Spreading via SMS


Koler Android Ransomware

Android devices are now under attack from a new piece of Android malware, the Koler ransomware. It spreads via spam SMS messages sent from infected mobile phones and takes control of the phone's screen until the victim pays the money.

The Koler Android ransomware Trojan is distributed via porn video websites with legitimate links and apps. It takes control of the infected victim's mobile phone screen and then demands money with a fake FBI warning notification that accuses the user of viewing and storing child pornography.

Security firm AdaptiveMobile also found a new self-propagation module that allows the malware to spread by sending SMS messages that trick users into opening a shortened bit.ly URL.

Analysis

Name: IMG_7821.apk
Md5: c7ee04bf3e42640ef6b5015b8af01f4f

Permissions:
android.permission.INTERNET
android.permission.READ_CONTACTS
android.permission.READ_PHONE_STATE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.SEND_SMS
android.permission.SYSTEM_ALERT_WINDOW
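
The permission set above can be turned into a quick triage check for other suspect APKs. The following is an added example, not part of the original analysis: it assumes the APK's AndroidManifest.xml has already been decoded to text XML (for example with apktool), and the capability names, sample manifests and package names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Capability -> permissions that must all be requested. This mapping is the
# example's own reading of the permission list above (an assumption).
CAPABILITIES = {
    "sms_self_propagation": {P + "READ_CONTACTS", P + "SEND_SMS"},
    "screen_overlay_lock": {P + "SYSTEM_ALERT_WINDOW"},
    "restart_after_reboot": {P + "RECEIVE_BOOT_COMPLETED"},
    "remote_communication": {P + "INTERNET"},
}
# Texting every contact + drawing over other apps + starting at boot is the
# worm-plus-screen-locker profile described on this page.
LOCKER_WORM = {"sms_self_propagation", "screen_overlay_lock", "restart_after_reboot"}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    return {
        el.get(ANDROID_NS + "name")
        for tag in ("uses-permission", "uses-permission-sdk-23")
        for el in root.iter(tag)
        if el.get(ANDROID_NS + "name")
    }

def triage(manifest_xml):
    """Return (sorted capability names, verdict string) for one manifest."""
    perms = requested_permissions(manifest_xml)
    caps = sorted(name for name, need in CAPABILITIES.items() if need <= perms)
    verdict = "review: SMS-worm locker profile" if LOCKER_WORM <= set(caps) else "no match"
    return caps, verdict

def _manifest(package, names):
    """Build a constructed sample manifest requesting the given permissions."""
    body = "".join('<uses-permission android:name="%s%s"/>' % (P, n) for n in names)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">%s</manifest>' % (package, body))

# Constructed samples; package names are placeholders, not real indicators.
SUSPECT = _manifest("com.example.photoviewer", [
    "INTERNET", "READ_CONTACTS", "READ_PHONE_STATE",
    "RECEIVE_BOOT_COMPLETED", "SEND_SMS", "SYSTEM_ALERT_WINDOW"])
BENIGN = _manifest("com.example.addressbook", ["INTERNET", "READ_CONTACTS"])

if __name__ == "__main__":
    for label, xml in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, *triage(xml))
```

A match is a reason to review the app, not proof of infection, since legitimate apps can request the same permissions.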

Upon infection, the user’s device screen gets locked with the following fake warning:

How the Koler Worm Works

This rare piece of mobile malware, named Worm.Koler, sends a spam SMS message to all contacts and attempts to trick users into opening a shortened bit.ly URL, turning Koler into an SMS worm.

After the device is infected by Worm.Koler, spam SMS messages are sent to all contacts in the smartphone's address book with a text stating, “Someone has create a profile name and uploaded your photos! is that you?” followed by a Bitly link, according to the security firm.

When the victim clicks on the Bitly link, they are redirected to a Dropbox page with a download link for a ‘PhotoViewer’ app. If the victim downloads and installs it, the app makes a ransom screen pop up incessantly. The ransom message claims that the device has been locked because of illicit content and that the user must pay some amount. The victim's phone is completely blocked, and they won’t be able to close the window.

Infection Spreading Rapidly

The Worm.Koler infection is spreading rapidly in at least 30 countries, including the U.S. During this short period, we have detected several hundred phones that exhibit signs of infection.

How to Protect and Eliminate the Threat

Koler does not encrypt files, so don't panic and never authorize any payment.

Two simple steps:

Reboot your phone in “Safe Mode”
Remove the ‘PhotoViewer’ app using the standard Android app uninstallation tool

Conclusion

To avoid infection in future, keep the “Unknown Sources” option turned off in your Android device's security settings menu. Download apps only from the official Google Play store or authorized stores, and follow mobile security practices.
