October 31, 2014 By Shane Schick

Most people would have a hard time imagining life without their mobile phone, but a new variant of the Koler Android ransomware is not only infecting devices via SMS, but also effectively holding them hostage until victims pay up.

According to HackerNews, those responsible for the attacks are trying to get consumers to click on a bit.ly link that they are distributing via text message. The link launches the Koler Android ransomware as a type of SMS worm. Adaptive Mobile researchers were among the first to notice and raise awareness about the attacks.

Experts told SC Magazine that the hackers are demanding around $300 once a device has been compromised by showing the user a pop-up screen via a photo-viewing app. Unfortunately, it doesn’t end there: Even as consumers consider whether to make a payment using MoneyPak, the Koler Android ransomware will spread through the smartphone’s contact list, sending a message that says, “someone made a profile of [contact name] and he uploaded some of your photos! is that you?” along with the link.

An article on PCAdvisor says the window that the Koler Android ransomware opens up to cover the entire screen is designed to look as though it came from a law enforcement agency such as the FBI. It accuses the user of viewing child pornography (or storing it) and positions the ransom demand as a “fine.”

This particular variant of the Koler Android ransomware borrows techniques from Selfmite and other SMS worms, according to Adaptive Mobile. Besides using text messages, the social-engineering trick of tapping into someone’s address book makes it more likely that other victims will click through, particularly since the message is only sent once in order to appear natural.

Hundreds are expected to have been affected by the attacks in just the first day, TechWorld reported, with approximately 75 percent of the known incidents taking place in the United States. Because the bit.ly URL goes to a Dropbox page, Adaptive Mobile was able to ask the cloud-based storage firm to deactivate the embedded link. However, it wouldn’t be difficult for the attackers to simply change where the link is hosted.

Though its use of SMS and Dropbox may be novel, the Koler Android ransomware may not turn out to have the same impact as Selfmite, which was discovered in June and reportedly sent thousands of dangerous text messages across some 16 countries. Even if the attackers don’t get money from their victims, these types of attacks can prove to be expensive for smartphone users who don’t have SMS as part of their data plan.

Either way, consumers using Android devices may want to be particularly careful about how they treat messages, even from people they know — especially if they contain a vague-looking link within them.
