At the beginning of May 2014, we detected a new mobile ransomware named
AndroidOS.Koler.a. As the name suggests, this affects mobile devices running Google’s
Android operating system.
Once the malicious code is installed, it shows a screen purportedly from a law enforcement
agency (selected according to the user’s region) demanding the payment of a fine for illegal
use of the device. The malware does not encrypt or delete the files stored on the infected
devices.
In order to unlock the device, an amount between $100 and $300 is requested. The criminals
behind this campaign are using MoneyPak, Ukash and PaySafe as payment methods.
The malicious application was distributed via a pornographic network, so some visitors to
adult-themed sites could easily be tricked into believing the warning screen and pay this
ransom. Exactly the same method was used very successfully by attackers a few years ago
in an attack that targeted Windows users.
The malware is not automatically downloaded or installed on the victim’s device. Since July
23rd, the mobile part of the campaign has been disrupted and the Command and Control server
started sending “Uninstall” requests to victims.
So why was this campaign of interest? Because of the remarkable distribution infrastructure
used to spread the malware.
More here: https://kasperskycontenthub.com/securelist/files/2014/07/201407_Koler.pdf