SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
7 May 2014

How extortionists block smartphones and what to do

Researchers have uncovered Android-based malware that disables infected handsets until end users pay a hefty cash payment to settle trumped-up criminal charges involving the viewing of illegal pornography.

To stoke maximum fear, Android-Trojan.Koler.A uses geolocation functions to tailor the warnings to whatever country a victim happens to reside in. The screenshot to the right invoking the FBI, for instance, is the notice that's displayed on infected phones connecting from a US-based IP address.

People in Romania and other countries will see slightly different warnings. The malware prevents users from accessing the home screen of their phones, making it impossible to use most other apps installed on the phone. The normal phone functions in some cases can be restored only when the user pays a "fine" of about $300, using untraceable payment mechanisms such as Paysafecard or uKash.

The discovery of Koler.A comes 18 months after researchers from Symantec found that so-called ransomware extorts an estimated $5 million a year from users of traditional PCs. Ransomware refers to malware that disables computers and demands that cash payments be paid to purported law-enforcement agencies before the machines are restored. More recently, ransomware scammers upped their game by building strong cryptography into malware, known as Cryptolocker, that holds entire hard drives hostage until end users pay a Bitcoin ransom of $300.

The functions in Koler.A have been obfuscated to slow down the process of analyzing exactly how the malware works. Still, there's no evidence that the malware encrypts any files on a phone's storage.

"The ransomware's main component is a browser view that stays on top of all other applications, Bitdefender Senior E-Threat Analyst Bogdan Botezatu wrote in an e-mail. "You can press Home and go to the homescreen, but a timer would bring it back on top in about 5 seconds. I managed to uninstall it manually by swiftly going to applications and dragging the icon on the Uninstall control, but it only works if the application icon is on the first row. Otherwise, one wouldn’t have the necessary time to drag it to the top, where the uninstall control is located."

The malicious Android Package is automatically downloaded when people visit certain pornography sites using an Android phone. The sites then claim that the APK installs a video player used for premium access. To be infected, a user must change Android settings to allow out-of-market apps and then manually install the APK. The social engineering trick has already claimed at least 68 victims in the past six hours—40 in the United Arab Emirates, 12 in the UK, six in Germany, five in the US, and the rest in Italy and Poland.

Koler.A is another reminder that Android users are quickly being targeted by the same malware and social engineering attacks that have plagued Windows users for years and more recently have started migrating to those using Macs. People should remain highly cautious when downloading Android apps, especially those available from sources other than the official Google Play Store.

Tags:
surveillance Android FBI USA fraud
Source:
Ars Technica
2210
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015