Categories: NewsSecurity

Koler Ransomware Targets US Citizens With Fake PornHub Android App

People often say the internet is for porn, and to a certain degree they are absolutely right. In the year 2017 however, the Internet is also for ransomware and other types of malware. A new type of malicious software on Android combines both porn and ransomware into one powerful threat. Various adult content websites have been targeted by ads for a fake Pornhub Android app, which effectively contained the Koler ransomware payload.

Koler Ransomware Is Quite Nifty, in a Bad Way

It is never good to see new types of ransomware show up on mobile operating systems. Especially Android users have seen their fair share of malicious software, ranging from banking trojans to keylogger and everything in between. It now appears US customers visiting adult content-oriented websites may fall victim to a new type of Android ransomware, which masks itself as a malicious PornHub app.

It is well worth mentioning Koler is not a new type of malware by any means. This particular ransomware family has been around since 2014, back when the Reveton malware strain was still successful. A lot has happened over the past three years in the world of cybercrime, but some names will always ring a bell. Reveton was quite successful when attacking Windows computers, and the developers decided to port most of the functionality to Android in that year.

One thing about Koler stood out immediately: it had a link to pornographic content from day one. More specifically, the 2014 ransomware strain locked people out of their devices and showed a police-themed warning asking them to pay a fine because of their adult content viewing habits. The amounts demanded back then were very small, but it is something that made the developers quite a bit of money. No one wants to see those kinds of warnings on their phones or tablets under any circumstances.

Related Post

Now that Koler is back, there is plenty of reason to be concerned. An ongoing distribution campaign is taking place right now. It appears the ransomware developers are resorting to a brand new tactic, which could prove to be quite lucrative and successful in the long run. By effectively displaying malicious advertisements on adult content platforms, the developers are trying to trick Android users into downloading a malicious PornHub application.

Once the user downloads this particular application, their device will be infected with the Koler ransomware shortly afterward. As soon as the malware is installed, it will be given root privileges, which can have all kinds of nefarious consequences. This method is often referred to as clickjacking, and it is quite common among Android malware types right now.

With root access, the Koler ransomware can show a ransom message on top of the current screen. It seems little has been done to create a new ransom note, as it still claims to be a message from the US Department of Justice. Users are asked to pay a fee of $500 within three calendar days. It is unclear how this money needs to be paid, though. The fact this ransomware only targets US citizens is rather unusual, considering the malware’s source code reveals geo-targeting capabilities.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Best Crypto Presale: DEBO Takes the Spotlight as DOGE, SHIB, and WIF Slide

DOGE, SHIB, and WIF have experienced significant declines in their prices recently. For example, DOGE…

24 mins ago

Sunday Surge Incoming! The 5 Best Crypto to Buy Now for Massive Weekend Profits!

It’s beginning to look like altcoins (TOTAL3) are going absolutely wild, with a bullish fractal…

30 mins ago

Litecoin and Solana Investors Turn to 1Fuel as a Top Contender for the Next Crypto Bull Run

Litecoin (LTC) and Solana (SOL) had pretty average performances throughout 2024 before finally regaining their…

35 mins ago

Dogecoin Faces Decline as 1Fuel’s Cross-Chain Utility Captures Smart Money

Dogecoin, the largest memecoin and one of the top cryptocurrencies by market cap has slowed…

40 mins ago

5 Reasons Why Remittix (RTX) Is Being Called the Best Crypto Presale to Buy Now

Remittix’s revolutionary PayFi solution is taking the DeFi market by storm. Remittix allows users to…

49 mins ago

Polygon and Bitcoin Cash Are ‘Dinosaurs’: High Upside Potential Pushes DTX Exchange on Top  

The blockchain revolution has been fueled by a combination of early adopters and hopeful neophytes,…

55 mins ago