‘Police’ Ransomware Koler.A Demands $300 From Android Users

A new piece of ransomware known as Koler.A is affecting Android smartphones and tablets, as this form of malicious activity moves from Windows PCs to mobile devices.

Users browsing porn websites have been tricked into installing the application, which poses as a premium video player under the name “BaDoink”, according to researchers at BitDefender Labs. Once installed, it uses the device’s IMEI number to find the device’s home location, and sends a message purporting to come from a local police force, which claims the user has accessed “banned pornography” including child porn, and demanding $300 to reactivate the phone.

CM Productions, which publishes the BaDoink adult website, has contacted TechWeek to inform us it is not connected with this malware outbreak.

Police porn Android scam

Unlike Windows ransomware such as Cryptolocker, which can encrypt users’ hard drives, this Android variant is bluffing, as it does not have permission to do that. It also requires user involvement to install the software: users must have enabled “sideloading” from sources other than Google’s Play app store, and must then accept and manually install the download.

“So, in order to have your device infected, you have to have allowed apps from non-approved sources (ie. not the official Google Play store), and to grant the app permission to install itself on your device,” said security expert Graham Cluley. “However, because the message could easily pop-up while you are browsing a hardcore porn site and because you (presumably, otherwise why are you there?) *want* to watch something a bit naughty… maybe you *would* allow the program to install itself on your smartphone?

“That’s social engineering at work once again. It’s often the case that the problem is not the technology, but the fleshy human sitting in front of the keyboard making poor decisions.”

The British threat screen mashes up some police logos including the Police Central e-Crime Unit (PCEU), and Cheshire Constabulary, along with a picture of the Queen. It also suggests the victim has “stolen information of State importance.”

Although the ransomware tries to prevent the user getting back to the home screen, it can be easily disabled and uninstalled by viewing the apps screen and dragging it to the uninstall button, or by rebooting in safe mode and removing it.


Peter Judge

Peter Judge has been involved with tech B2B publishing in the UK for many years, working at Ziff-Davis, ZDNet, IDG and Reed. His main interests are networking security, mobility and cloud.
