How to Avoid Koler Android Ransomware to Spread via SMS

Koler Android Ransomware

Now a days Android operating system are under attack new Android malware Koler Ransomware,  It is spreads itself via spam message to infected mobile phone and takes control over the mobile phone screen until a victim’s paid the money.

Koler Android ransomware Trojan distributed via porn video websites with legitimate links and apps. It control infected victim’s mobile phone screen and then demands money from users with a fake FBI warning notifications accusing users of viewing and storing child pornography.

security firm AdaptiveMobile also found a new self-propagation module that allows it to spread by sending SMS messages to trick users into opening a shortened URL.


Name: IMG_7821.apk
Md5: c7ee04bf3e42640ef6b5015b8af01f4f


The user’s device screen gets locked with following fake warning upon infection:

How to work Koler Worm

The rare piece of mobile malware – named Worm.Koler – that allows the malware to send an SMS message to all contacts spam message and attempts to trick users into opening a shortened URL, turning Koler into an SMS worm.

After the device is infected by Worm.Koler, Spam SMS messages are send to all contacts in the smart phone device’s address book with a text stating, “Someone has create a profile name and uploaded your photos! is that you?” followed by a Bitly link, according to the security firm.

Infected mobile victim clicks on the Bitly link. It will redirected to a Dropbox page with a download link for a ‘PhotoViewer’ app. if victim download installed, apps will push a ransom screen to pop up incessantly. and ransom message appeared the device has been locked up using a illicit content and users must pay some amount. Victim device completely phone blockedand won’t be able to close the window

Infection Spreading Rapidly

The Worm.Koler INFECTION SPREADING RAPIDLY at least 30 countries, including the U.S. During this short period, we have detected several hundred phones that exhibit signs of infection

How to Protect and Eliminate the Threat

Koler does not encrypt files so dont panic and never authorize any payment

two simple steps:

Reboot your phone in the “Safe Mode”
Remove the ‘PhotoViewer’ app using standard Android app uninstallation tool


If you want to avoid in future “Unknown Sources” option turned off in your Android device’ security settings menu. Download apps only from the official Google Play store or authorized stores only. and follow the Mobile Security.

Add Comment