ransomware spreading by SMS in android phones

"Koler is a piece of malware that blackmails users of infected phones by blocking screen with an intimidating fake law enforcement notification page, and scares the victim to pay a “fine” to unlock their phone. This type of malware was first spotted in May this year blackmailing victims on Android devices. In July new reports suggested a new version that can also target PC’s.


This time though we have detected a new strategy to spread the infection. In this new variant of Koler (Worm.Koler) we found that it is now capable of self-replication via SMS messages which are sent to contacts in the address book of an infected device containing a bit.ly URL.  This appears to be an attempt for the malware writer to improve the infection rate over earlier versions, which relied on hiding the malware in porn sites.


The attack starts with the victim receiving an SMS message from a phone number of someone they know that states:


someone made a profile  named -Luca Pelliciari- and he uploaded some of your photos! is that  you? http://bit.ly/xxxxxx

clicking on links in SMS traffic - even from friends - is always stupid

surfing porn sites without having all your protection on (antivirus that is) is always stupid

The comments are closed.