If you don't pay a ransom, you will be taken public on the Internet: Koler, The ransomware on Android phones.

If you don't pay a ransom, you will be taken public on the Internet: Koler, The ransomware on Android phones.

This is a new mobile phone ransomware in Canada. When a mobile phone user visits an adult website, the malware is infected and ransomware. Hold down the shame of the victims. Hackers will threaten you to pay a ransom. Otherwise, they will lock your mobile phone screen and send messages about your adult website to all contacts on your mobile phone.

Ransomware Process

The attacker used a new version of the android ransomware Koler. when a user visits the adult website XHamster and is infected with Koler, the variant displays a warning message disguised as a royal camper, remind users that Canadian authorities are investigating them and have locked their systems.
Security researchers said the attackers behind the malicious activity would build a fake website that pretends to provide adult content, or use ads on small websites to provide similar content.


It's easy for common Internet users to get involved-they thought they were downloading a video player that could play adult content on mobile devices. In fact they are installing a mobile ransomware, this software is designed specifically for mobile users in Canada.

The ransomware mode used by the attacker is different. If the victim does not pay the ransom, the ransomware not only locks the victim's mobile phone to prevent further operations, they also threatened victims to notify all contacts on their mobile phones of messages they sent to adult websites.

This policy allows victims not to report fraud to law enforcement, and finally they have to pay the fees specified by cyber criminals, ranging from $100 to $500:

"This blackmail means not only in terms of security, but also the shame of the victims. But the victims may feel embarrassed when they encounter such a problem because they visit a pornographic website and do not want to tell anyone. Some users in specific categories are more vulnerable to extortion from cyber criminals, such as corporate executives who worry that the Internet is known to affect their personal image, so they will eventually decide to pay the ransom ."

Emperor's New Clothes

In many cases, most ransomware does not send messages to contacts on the victim's mobile phone. When the victim is locked by ransomware, the victim only needs to start the security mode to delete the application that locks the mobile phone so that their mobile phone can be restored. The researchers have analyzed the mobile ransomware sample, which does not implement file encryption and cannot lock users' documents.

Security suggestions

In general, to avoid being a victim of such frauds, it is important to be aware of fraud threats and take appropriate security measures, especially in the workplace. In addition, do not open emails from unknown sources, or download Unknown applications from third-party app stores.