A new piece of ransomware known as Koler.A is affecting Android smartphones and tablets, as this form of malicious activity moves from Windows PCs to mobile devices.
Users browsing porn websites have been tricked into installing the application, which poses as a premium video player under the name “BaDoink”, according to researchers at BitDefender Labs. Once installed, it uses the device’s IMEI number to find the device’s home location, and sends a message purporting to come from a local police force, which claims the user has accessed “banned pornography” including child porn, and demanding $300 to reactivate the phone.
CM Productions, which publishes the BaDoink adult website, has contacted TechWeek to inform us it is not connected with this malware outbreak.
Unlike Windows ransomware such as Cryptolocker, which can encrypt users’ hard drives, this Android variant is bluffing, as it does not have permission to do that. It also requires user involvement to install the software: users must have enabled “sideloading” from sources other than Google’s Play app store, and must then accept and manually install the download.
“So, in order to have your device infected, you have to have allowed apps from non-approved sources (i.e. not the official Google Play store), and to grant the app permission to install itself on your device,” said security expert Graham Cluley. “However, because the message could easily pop up while you are browsing a hardcore porn site and because you (presumably, otherwise why are you there?) *want* to watch something a bit naughty… maybe you *would* allow the program to install itself on your smartphone?
“That’s social engineering at work once again. It’s often the case that the problem is not the technology, but the fleshy human sitting in front of the keyboard making poor decisions.”
The British threat screen mashes up some police logos including the Police Central e-Crime Unit (PCEU), and Cheshire Constabulary, along with a picture of the Queen. It also suggests the victim has “stolen information of State importance.”
Although the ransomware tries to prevent the user getting back to the home screen, it can be easily disabled and uninstalled by viewing the apps screen and dragging it to the uninstall button, or by rebooting in safe mode and removing it.
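Because infection depends on sideloading, one defensive check is to list the third-party apps on a device that were not installed by the Play Store. The script below is an added example, not part of the original article or of BitDefender's research; it assumes the Android `adb` tool and the usual `pm list packages -3 -i` output format, and the sample data and package names in it are constructed.

```shell
#!/bin/sh
# Constructed sample of `adb shell pm list packages -3 -i` output
# (hypothetical package names, not taken from a real device).
SAMPLE_PM_OUTPUT='package:com.example.mail  installer=com.android.vending
package:com.example.videoplayer  installer=null
package:com.example.game  installer=com.android.vending
package:com.example.tool  installer=com.android.packageinstaller'

# Read `pm list packages -3 -i` lines on stdin and print, as
# "package<TAB>installer", every app not installed by the Play Store.
sideloaded_packages() {
    play_store="com.android.vending"
    while IFS= read -r line; do
        # adb output may carry trailing carriage returns
        line=$(printf '%s' "$line" | tr -d '\r')
        case "$line" in
            package:*) ;;
            *) continue ;;
        esac
        pkg=${line#package:}
        pkg=${pkg%% *}                    # keep text before the first space
        installer=${line##*installer=}
        if [ "$installer" = "$line" ]; then
            installer="unknown"           # no installer field on this line
        fi
        if [ "$installer" != "$play_store" ]; then
            printf '%s\t%s\n' "$pkg" "$installer"
        fi
    done
}

# Usage: script.sh --device   (query a connected device through adb)
#        script.sh --sample   (run against the constructed sample above)
if [ "${1:-}" = "--device" ]; then
    adb shell pm list packages -3 -i | sideloaded_packages
elif [ "${1:-}" = "--sample" ]; then
    printf '%s\n' "$SAMPLE_PM_OUTPUT" | sideloaded_packages
fi
```

Apps reported with an installer of `null` or the system package installer were sideloaded and are the ones to review and, if unrecognised, uninstall.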