Android/Ransom.Koler


Short bio

Android/Ransom.Koler is Malwarebytes’ detection name for Koler, a type of ransomware that usually comes packaged as an adult-themed app and uses scare tactics, such as displaying FBI warnings, to trick victims into paying a ransom.

Type and source of infection

Koler uses social engineering to trick its victims into installing the app by offering enticing adult-themed apps or fake app updates. These apps are usually found in third-party file shares and app markets. They can also turn up via browser pop-ups, phishing links, and site redirection.

Aftermath

Infection occurs when an app with malicious code is installed. Once installed, these apps request to be added to the Device Administrator list. From there, they immediately start displaying FBI warnings. These fake warnings are meant to scare victims into paying a ransom to free their device. The warning pages are displayed repeatedly, taking over the screen, and the victim is essentially locked out because they cannot interact with the device. Uninstalling can be difficult because of the Device Administrator rights the app was given during installation.

Protection

The best protection is to install mobile apps from a trusted source and read reviews. Running Malwarebytes for Android will block Android/Ransom.Koler.

Remediation

Uninstalling Koler can be difficult because of the Device Administrator rights it was given during installation. Typically, the best way to remove it is to boot the Android device into Safe Mode, remove the app from the Device Admin list, and uninstall it. As with most malware, the tricky part is identifying the offending behavior and app. That is where Malwarebytes for Android can help by identifying these apps and removing them.