Phones held for Ransom by Koler Worm


A new variant of the Android-based malware Koler can be spread via text messages. Koler is a piece of ransomware that holds your phone hostage until the author is paid. With comments and advice from Mark James.


This variant of the Koler worm was first reported on October 19th. The vast majority of infected phones are in the US, but there are cases worldwide.

“The natural progression from desktop to mobile device for Ransomware was going to get more momentum at some point”, says Mark James, ESET security specialist.


What can go wrong?


“The biggest factor in this I think is people’s assumption that they are safe on a mobile with thoughts along the line of ‘what can go wrong if I click this link on my mobile’,” Mark explains.

Mark details how the Koler worm worms its way into your system.

“In this particular case an SMS is used for the initial contact, which in itself can lure a level of trust that emails do not have. If the masked (truncated) link is followed, a page will display some kind of tasty treat for free that may include a free service or free app which once installed will contain the malware.”

At this point “ransom” screens are presented that attempt to “scare the individual into paying to have it removed.”


What can I do about it?


“Removing these types of infections is often very simple and can be done by either booting into safe mode (internet searches will often yield many results on how to do this yourself) and uninstalling the offending application (or the last installed app if you don’t remember the name).”

“As a last resort factory resetting the device and restoring from your last good backup” could work, Mark explains.

The easiest and perhaps most obvious way of avoiding this nasty worm is to “NOT install any apps from third party websites or links; both Apple and Google Play are by no means 100% safe but they are a lot safer than using a random website to install apps.”