AdaptiveMobile Uncovers Koler Worm Variant Spreading by Text Message and Holding Phones for Ransom

DALLAS & DUBLIN--()--AdaptiveMobile (www.adaptivemobile.com), the world leader in mobile security, has discovered a new variant of the Android malware Koler, which now spreads by text message and holds infected users’ phones hostage until a “ransom” is paid. AdaptiveMobile detected the emergence of the worm on October 19th, and has blocked thousands of messages from hundreds of infected phones. The attack is occurring worldwide, but the majority of the infected phones are in the United States.

This new version of Koler works by sending an SMS message with a bitly link stating that an account with the user’s photos has been created. The user is re-directed to a DropBox page where the malware is hidden in a “PhotoViewer” app. Once installed, the malware blocks the user’s screen with a fake FBI page, which says the device has been locked due to pornographic or other inappropriate content. The user can “wave the accusations” by paying a fine using a Money Pak Voucher. This a new approach for Koler, which used to hide on pornography sites, and is now using SMS and the wording of a well-known Facebook scam to entice users to install it.

“This attack combines the techniques we have seen with worms like Selfmite with a traditional Android ransomware attack,” said Cathal Mc Daid, Head of Data Intelligence & Analytics at AdaptiveMobile. “Spreading the worm by SMS makes it more effective as people are more likely to respond to a link sent by someone they know.”

If users suspect they are infected, they should not authorize any payment. Rather, they should remove the malware by rebooting their phones in “safe” mode, and then uninstall the PhotoViewer. Users should also remember to install only apps that come from a trusted source.

For more information, read AdaptiveMobile’s blog.

About AdaptiveMobile:

AdaptiveMobile is the world leader in mobile security protecting over one billion subscribers worldwide and the only mobile security company offering products designed to protect all services on both fixed and mobile networks through in-network and cloud solutions. With deep expertise and a unique focus on network-to-handset security, AdaptiveMobile’s award winning security solutions provide its customers with advanced threat detection and actionable intelligence, combined with the most comprehensive mobile security products available on the market today. AdaptiveMobile’s sophisticated, revenue-generating security-as-a-service portfolio empowers consumers and enterprises alike to take greater control of their own security.

AdaptiveMobile was founded in 2003 and boasts some of the world’s largest mobile operators as customers and the leading security and telecom equipment vendors as partners. The company is headquartered in Dublin with offices in the North America, Europe, South Africa, Middle East and Asia Pacific.

Contacts

Press contacts:
ACSCom PR (USA)
Anne Coyle, +1 857-222-6363
adaptivemobile@acscompr.com
or
AxiCom (UK)
Stephanie Fergusson, +44 7 760108071
Stephanie.fergusson@axicom.com

Release Summary

AdaptiveMobile has identified a new variant of malware Koler, which takes a user’s phone hostage and demands ransom.

Contacts

Press contacts:
ACSCom PR (USA)
Anne Coyle, +1 857-222-6363
adaptivemobile@acscompr.com
or
AxiCom (UK)
Stephanie Fergusson, +44 7 760108071
Stephanie.fergusson@axicom.com