View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Porn fans free again after police ransomware disrupted

Kaspersky says as many as 200,000 mobile users could have been exposed.

By Jimmy Nicholls

The Koler ransomware campaign that targets mobile visitors to porn sites has been disrupted, according to security firm Kaspersky.

The malware threatened victims running Android with a message purporting to be from local police, demanding between $100 and $300 to unlock the device, even though no files were encrypted by the virus.

Vicente Diaz, principal security researcher at Kaspersky, described the campaign as "well organised and dangerous".

"Dozens of automatically generated websites redirect traffic to a central hub using a traffic distribution system where users are redirected again," he added.

"The attackers can quickly create similar infrastructure thanks to full automation, changing the payload or targeting different users."

The campaign relies on apprehension among victims about being caught watching porn, with the infectious app tellingly named "animalporn.apk".

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Koler’s command and control (C&C) server was reconfigured to send uninstall instructions to victims, causing the malware to be deleted, according to the firm.

180,000 people are thought to have been exposed to the campaign, with 80% based in the US and much of the remainder in Australia, the UK and Canada.

Kaspersky believe that the group responsible for the campaign are also behind Reveton, which follows a very similar form to Koler, and expects similar campaigns to be "the norm" in the future.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU