Your Android phone viewed illegal porn. To unlock it, pay a $300 fine


Userlevel 7
To stoke maximum fear, ransomware geolocates users, targets them by country.
 
Researchers have uncovered Android-based malware that disables infected handsets until end users pay a hefty cash payment to settle trumped-up criminal charges involving the viewing of illegal pornography.
To stoke maximum fear, Android-Trojan.Koler.A uses geolocation functions to tailor the warnings to whatever country a victim happens to reside in. The screenshot to the right invoking the FBI, for instance, is the notice that's displayed on infected phones connecting from a US-based IP address. People in Romania and other countries will see slightly different warnings. The malware prevents users from accessing the home screen of their phones, making it impossible to use most other apps installed on the phone. The normal phone functions in some cases can be restored only when the user pays a "fine" of about $300, using untraceable payment mechanisms such as Paysafecard or uKash.
 
Full Article

11 replies

Userlevel 5
It's not unsurprising that ransomware has started to target mobile devices, fortunately even most end users have most of their data backed up so it's not a big deal if you have to factory reset the phone.
Userlevel 7
The biggest surprise here is only if Android Ransomware is new. It has been quite lucrative on Windows, so it was only a matter of time before appearing on Mobile devices.
 
I agree with Chris: my Android is backed up better than my Windows laptop to be honest, with some items being backed up to multiple locations, and reinstalling Android apps is far easier than Windows programs.
Userlevel 7
@DavidP1970 wrote:
I agree with Chris: my Android is backed up better than my Windows laptop to be honest, with some items being backed up to multiple locations, and reinstalling Android apps is far easier than Windows programs.
That's true David!
My S5 with KitKat onboard is as well protected as my laptop - or maybe even better, because it is less exposed to threats.
Userlevel 4
This malware is certainly interesting from a mobile perspective, but nothing about it is particularly new. For instance, we have had a trace to detect at least one variant of it for a little over a week now.

The key to this infection is, like most others, you have to go in and manually enable "Allow 3rd Party Sources" and then manually install the downloaded APK. You should NEVER do either of these things unless you absolutely, 100% know where the APK in question came from.

If you ever have doubts, you can always test the APK in a virtual environment or submit it to VirusTotal before opening it on your phone. You can even put the file on your phone's internal storage and run a scan with Webroot. If we know the file to be malicious, it will be detected just sitting there on the storage. Same goes for if you attempt to install it anyways, as long as Webroot is also running and keeping your phone protected at the time.
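A way to audit a handset for the two preconditions described in the post above (the third-party sources switch and manually installed APKs), as an added example that is not part of the original thread. It parses the text of `adb shell pm list packages -i -3` and the `install_non_market_apps` setting; the sample output, package names and trusted-installer list are constructed assumptions, and the setting applies to Android releases before 8.0.

```python
import re

# Installers treated as trusted app stores (assumption: Google Play only).
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample of `adb shell pm list packages -i -3` output.
SAMPLE_PM_OUTPUT = """\
package:com.example.mail  installer=com.android.vending
package:com.example.videoplayer  installer=null
package:org.example.notes  installer=com.android.vending
package:com.example.sideloaded  installer=com.android.packageinstaller
"""

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")


def parse_packages(pm_output):
    """Map each package name to its installer (None when recorded as 'null')."""
    packages = {}
    for line in pm_output.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip blank lines and adb warnings
        installer = match.group("installer")
        packages[match.group("pkg")] = None if installer == "null" else installer
    return packages


def sideloaded(packages, trusted=TRUSTED_INSTALLERS):
    """Packages whose installer is missing or is not a trusted store."""
    return sorted(pkg for pkg, inst in packages.items() if inst not in trusted)


def unknown_sources_enabled(setting_value):
    """Interpret `adb shell settings get secure install_non_market_apps`
    (the key lives under `global` on Android 4.2 to 4.4); '1' means enabled."""
    return setting_value.strip() == "1"


def audit(pm_output, setting_value):
    """Combine both checks into one report for a single device."""
    return {
        "unknown_sources_enabled": unknown_sources_enabled(setting_value),
        "sideloaded": sideloaded(parse_packages(pm_output)),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_PM_OUTPUT, "1\n"))
```

Any package listed under `sideloaded` was installed outside the store and is the one to scan or submit for analysis first.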
Userlevel 7
CameronP, are you serious? This bug must be installed only by manually turning off the 3rd party block, and downloading from a source other than Google Play or other authorized app locations?
 
LOL sorry if I missed that to begin with.  That would indeed make this threat remarkably difficult to be hit by.  
Userlevel 7
Hi Cameron,
 
Thanks for sharing your thoughts.
Do you think that Android users who had their smartphones "rooted" are less secure in terms of threats?
Userlevel 7
@ wrote:
Hi Cameron,
 
Thanks for sharing your thoughts.
Do you think that Android users who had their smartphones "rooted" are less secure in terms of threats?
Oh what a good question!
 
I am going to give my own opinion before Cameron replies :)
 
In general, I would think having the phone "rooted" would not in itself make the device more vulnerable to known threats. If the user keeps the 3rd party app block in place as it should be, and uses only the approved app download locations, known threats are no problem.
 
The problem comes with unknown threats.  Having the phone rooted may disrupt the security of WSA itself: unknown malware that does get in may be more able to use admin functions and disable WSA's protection.
 
There is also the problem that in a "rooted" environment, the system runs differently than intended, or at least it can. That is after all the purpose of rooting a device: to get it to do things it wouldn't do otherwise.
 
It is for this reason that "rooted" devices are not officially supported.
Userlevel 4
Yes, rooted phones are less secure purely because the root access is granted to the user who can then grant it to apps. If someone were rooted and was allowing 3rd party apps, I don't think it would be that unrealistic to assume an app could at least attempt to gain root access as well.

The caveat there is, it would still have to ask for it if the phone is properly rooted or customized. Once a phone is rooted, if done properly, apps will still be required to prompt for root access, similar to User Account Control on Windows with Admin rights.

The same guidelines for installing 3rd party apps apply tenfold for apps requesting root access. Unless you trust something 100% (or 1000% I guess :P), you should NEVER allow it to have root access to your phone. At that point it can basically do whatever it wants, including wiping your OS, wiping your data, installing a new recovery partition, etc. Interrupting those types of actions won't help you very much either and could possibly even leave your phone in a non-bootable state.
Userlevel 7
Just as I thought :D
 
Many thanks for your reply Cameron!
And of course thanks David :D
Userlevel 7
Thanks Cameron!
Userlevel 4
Thanks to you, David, as well. Your post on rooted devices is also absolutely correct, on all points!
