Cryptolocker-Like Ransomware Spreads to Android Devices
Quick, pay this fine or the FBI will arrest you! That's how a new type of Android ransomware is tricking people into paying up. Once installed, the malware, dubbed "Koler.A," locks up the phone, preventing users from accessing the home screen and effectively holding the phones ransom until users pay $300. "Koler.A," first detected Sunday (May 4) by the pseudonymous French security blogger Kafeine, is one of the first discovered examples of Android ransomware, and the first known "police Trojan" for Android. Fortunately, its bark is worse than its bite.
Koler.A spreads using malicious traffic-distribution systems (TDS) — short pieces of software placed on websites, often through ads, that redirect visitors to other sites. Malicious TDS's detect visitors' browsers, operating systems and countries of residence, and redirect them to malicious Web pages with embedded browser exploit kits tailored to each victim. In the case of Android devices, the visitor's browser will be redirected to a fake pornography website that will try to trigger a drive-by download (which won't work if the device is set to reject any app from outside the Google Play store).
However, even if the download succeeds, the Android user will have to manually approve the app's installation. The malware creators have to trick users into thinking the malicious app is harmless. How do the ransomware creators trick these discerning porn site visitors? By promising more porn, of course! Koler.A presents itself as BaDoink, a video player app that often needs to be installed to view streaming porn on mobile devices.
Senior Member
Posts: 658
Joined: 2006-05-26
I would laugh out loud if I saw this
Senior Member
Posts: 1840
Joined: 2005-08-12
So if I get this right, in order to get "infected" with this ransomware you have to:
1: Somehow end up on a fake pornography website from your phone. Okay, not that hard.

2: Initiate a download or, if it's initiating automatically, let it continue. If it's not blocked by the OS, if the "Unknown Sources" option in "Security" inside the Android "Settings" is checked, that is.
3: Manually install this fake app, whatever its name is, to get "infected".

I can't think what to write as a conclusion to the above without being offensive or sounding like a prick. I think most will get what I'm saying.

I must admit sometimes it happened to me that some "crapware" app managed to bypass me and get downloaded, but it was either immediately cancelled or deleted if it managed to be downloaded.
It's not only that. By reading this article, I understood that if you have other non-Play-Store sources enabled, they might use some exploit in case you have an unpatched browser, which is not that unlikely.
Phone software is frequently insecure, so we might have reached a point in time where installing antivirus software becomes a good practice.
Senior Member
Posts: 2647
Joined: 2013-02-26
Believe me, you wouldn't be laughing even if something similar didn't happen to you...
About 10 days ago we had a (middle-aged female) client, she brought us her Acer Aspire One 752 netbook with Windows 7 Home Premium 64bit she was using for years without any kind of protection: no anti-virus (some idiot who did maintenance of that netbook earlier even disabled Windows Defender), no anti-spyware... nothing!
A few days before, she had noticed that the wallpaper had changed: black screen with a message that her computer is infected with BitCrypt v2.0 (bug fixed) malware, all files (pictures, documents...) are encrypted blah, blah... and if she wants to have them back she has to follow the procedure in some *.txt file, install Tor browser, go to some link and insert the ID of her computer...blah...blah...
At the end, the only solution for getting back thousands of her pictures and documents is to pay a 230$ ransom and then she will receive a program and password on her e-mail with the procedure for how to unlock all her personal files on the HDD of that Acer netbook. There is no other solution at this moment, BitCrypt v2.0 (bug fixed) encryption is currently impenetrable...
She was so depressed because of thousands of pictures/memories she can't see anymore and I had shared her pain because she wasn't able to pay a 230$ ransom, but... But when I asked her: "...do you know you aren't using any kind of protection software on that netbook, and you are using that netbook for years!?" ...she answered me: "..yes, I know that...". "... WTF is wrong with you lady, there are dozens of free anti-virus and anti-spyware software out there for personal use!?..." went through my mind after her stupid answer.
How can anyone be so stupid to use something for years without any kind of protection or backup solution (e.g. external USB HDD), store all kinds of memories and personal files on that thing and expect nothing will happen, ever?!
At the same time I felt sorry and I was mad at her because of her stupidity...
Just to add one more thing: she was blonde....
Senior Member
Posts: 2843
Joined: 2009-09-15
It's not only that. By reading this article, I understood that if you have other non-Play-Store sources enabled, they might use some exploit in case you have an unpatched browser, which is not that unlikely.
Phone software is frequently insecure, so we might have reached a point in time where installing antivirus software becomes a good practice.
I think the below quoted text from the article is pretty clear. It's just an app to be downloaded and you need to install it in order to get "infected".
Quote from the article:
"However, even if the download succeeds, the Android user will have to manually approve the app's installation."
Senior Member
Posts: 2843
Joined: 2009-09-15
So if I get this right, in order to get "infected" with this ransomware you have to:
1: Somehow end up on a fake pornography website from your phone. Okay, not that hard.
2: Initiate a download or, if it's initiating automatically, let it continue. If it's not blocked by the OS, if the "Unknown Sources" option in "Security" inside the Android "Settings" is checked, that is.
3: Manually install this fake app, whatever its name is, to get "infected".
I can't think what to write as a conclusion to the above without being offensive or sounding like a prick. I think most will get what I'm saying.
I must admit sometimes it happened to me that some "crapware" app managed to bypass me and get downloaded, but it was either immediately cancelled or deleted if it managed to be downloaded.