Koler Ransomware Targets US Citizens With Fake PornHub Android App

People often say the internet is for porn, and to a certain degree they are absolutely right. In the year 2017 however, the Internet is also for ransomware and other types of malware. A new type of malicious software on Android combines both porn and ransomware into one powerful threat. Various adult content websites have been targeted by ads for a fake Pornhub Android app, which effectively contained the Koler ransomware payload.

Koler Ransomware Is Quite Nifty, in a Bad Way

It is never good to see new types of ransomware show up on mobile operating systems. Especially Android users have seen their fair share of malicious software, ranging from banking trojans to keylogger and everything in between. It now appears US customers visiting adult content-oriented websites may fall victim to a new type of Android ransomware, which masks itself as a malicious PornHub app.

It is well worth mentioning Koler is not a new type of malware by any means. This particular ransomware family has been around since 2014, back when the Reveton malware strain was still successful. A lot has happened over the past three years in the world of cybercrime, but some names will always ring a bell. Reveton was quite successful when attacking Windows computers, and the developers decided to port most of the functionality to Android in that year.

One thing about Koler stood out immediately: it had a link to pornographic content from day one. More specifically, the 2014 ransomware strain locked people out of their devices and showed a police-themed warning asking them to pay a fine because of their adult content viewing habits. The amounts demanded back then were very small, but it is something that made the developers quite a bit of money. No one wants to see those kinds of warnings on their phones or tablets under any circumstances.

Now that Koler is back, there is plenty of reason to be concerned. An ongoing distribution campaign is taking place right now. It appears the ransomware developers are resorting to a brand new tactic, which could prove to be quite lucrative and successful in the long run. By effectively displaying malicious advertisements on adult content platforms, the developers are trying to trick Android users into downloading a malicious PornHub application.

Once the user downloads this particular application, their device will be infected with the Koler ransomware shortly afterward. As soon as the malware is installed, it will be given root privileges, which can have all kinds of nefarious consequences. This method is often referred to as clickjacking, and it is quite common among Android malware types right now.

With root access, the Koler ransomware can show a ransom message on top of the current screen. It seems little has been done to create a new ransom note, as it still claims to be a message from the US Department of Justice. Users are asked to pay a fee of $500 within three calendar days. It is unclear how this money needs to be paid, though. The fact this ransomware only targets US citizens is rather unusual, considering the malware’s source code reveals geo-targeting capabilities.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.