SECURITY firm Adaptivemobile has uncovered a new variant of the “Android.Koler.A” malware which is being called Worm.Koler and is spread by SMS message.
The message received will typically read: “someone made a profile named -[the contact’s name]- and he/she uploaded some of your photos! Is that you?” This will then be followed by a ‘bit.ly’ URL. On clicking the link it will redirect the victim to a file hosting service. Once on that site the victim is encouraged to download an app called ‘Photoviewer”.
Once this app is installed a pop up screen will appear stating that the device has been locked by the police and the user must pay a certain amount to unblock the device.
While this is happening on the screen, in the background, an SMS message will be spammed out to all contacts on the victim’s phone. The message is only sent once to make it appear more authentic.
It appears that this variant is currently being aimed at the US, as the pop screens are US based e.g. purporting to be from the FBI. It is likely that UK has already or is likely to be affected, but to date the NFIB has not received any reports detailing this type of ransomware.
If you are unsure about any messages containing a link do not click on them, and think about contacting the sender for verification that they intended to send you the message.
Only download apps from a reputable source such as Google Play Store.
It is recommended that any victims of this ransomware complete a manufacture reset of their device and then reinstall their apps afterwards. This could cause a potential loss of data such as photos, if they have not already been backed up. If the malware restricts you from getting into you phones settings, put the phone into safe mode (please refer to your phones instruction manual) and remove the app. Once this is done, perform a complete reset of your phone.
For further information please contact the Lincolnshire Police Crime Deduction Unit at crime.reduction@lincs.pnn.police.uk.
Further advice can be found at www.getsafeonline.org.
Leave a Reply
You must be logged in to post a comment.