Android Ransomware Spreading Quickly Through US Users
A new Android ransomware threat is spreading fast thanks to it adapting to become a worm spread through text messaging. The Koler Android trojan was discovered by AdaptiveMobile in the United States and managed to affect hundreds of users in just one day. John E. Dunn of TechWorld explained how the Koler trojan is spreading so rapidly.
Koler began infecting victims who visited untrusted websites like porn and gambling sites. Many examples of mobile malware stays quarantined to those areas and never becomes a large scale problem for the general public. Koler, however, transformed into an SMS worm, which means it sends a shortened and disguised link via text message to everyone in an infected user’s contacts. That link appears to be from the user, which results in many of their contacts clicking on it and being infected themselves.
Those that click on the link are sent to a Dropbox page and asked to install a photo viewing app in order to see some photos that “someone” has uploaded of them. Agreeing to this download results in the Koler trojan to take quick effect.
Almost immediately, the user’s screen is blocked by a message supposedly from the FBI. A ransom is demanded to unlock the phone. Meanwhile, that same link is sent to the user’s contacts.
The good news is that if the default security options are enabled on your Android device, the download of the malware should be blocked because it stems from a third-party. However, many users have already discovered that their security settings aren’t configured correctly to protect them from a threat like this.
The make-up of this attack isn’t complicated, which means it’s also fairly straightforward to disable it. Dropbox has already been asked to remove the download from its servers and disable to link. Attackers could easily move their malicious files elsewhere and continue to victimize Android users, however.
If your device becomes infected by malware, Geek Rescue will fix it. Stop by or give us a call at 918-369-4335.
For your business solutions needs, visit our parent company JD Young.
October 22nd, 2014