updated 06:55 pm EDT, Wed May 7, 2014
Trojan.Koler.A disables phones until $300 fine paid to scammers
A new trojan targeting Android devices has been discovered that holds phones hostage until a fine is paid. The ransomware, Trojan.Koler.A, accuses the device's owner of looking at illegal pornography and threatens action by authorities. It asks for a $300 fine to be paid via "untraceable payment mechanisms such as Paysafecard or uKash," according to Ars Technica's report.
Koler.A uses the device's country location and IP address to tailor its warnings, which ultimately ask for a fine to be paid to unlock the device. The warnings say that failure to pay will result in action by police or other law enforcement, such as the FBI.
This "police trojan" prevents infected phones from accessing the home screen of the device, meaning that most actions on the phone are no longer accessible to the user. Attempting to dismiss the message results in it coming back in less than five seconds.
The warning message states that it encrypts the data on the device, including audio and video actions, and uses that claim to scam victims into paying for the decryption keys. This specific infection is said to be less of a risk than the Cryptolocker PC infection, which will actually encrypt files to hold the machine hostage.
Devices are being infected through traffic distribution systems, often found in infected ads, that redirect people to malicious sites. Visiting these sites will often trigger a drive-by download unless the Android user has set downloads from outside Google Play to be rejected. The download still has to be approved before it installs, which leads the malware's designers to hide it in legitimate-looking apps.