While ransomware such as Ukash Virus and FBI MoneyPak Virus has been around for a while, it only targeted PC users running the Windows operating system. The increasing popularity of mobile devices has led hackers to diversify their business, and they have now created a virus that locks Android devices and demands that victims pay a fine of around $300 for allegedly committing a crime by browsing banned, illegal pornography websites.
Better known as Android-Trojan.Koler.A, the virus uses a scheme similar to that of its Windows counterparts: it locks the device, preventing the user from launching any app, and demands a fine to be paid using Ukash or Paysafecard prepaid cards. Prepaid cards are used because the payments are very difficult to trace, which makes it hard to track the hackers down.
It is relatively easy to get infected with Android-Trojan.Koler.A. When a person visits certain websites with (not necessarily) pornographic or erotic content, they are asked to download a “codec” to view the videos. Once the installation package is on the device, the user has to install the .apk file manually. Android has a protection against malicious apps that allows apps to be installed only from the Play Store, so the virus requires the user to enable installation from unknown sources, which opens a hole for various viruses and trojans. Once Android-Trojan.Koler.A is installed, it immediately locks the device and shows its own screen with information about the allegedly committed crimes, adding the victim’s IP address to scare him/her even more.
Removal Of The Virus
Because Android works differently from Windows, and there are so many devices with different Android versions and shells, it can be tricky to deal with this infection. If you have a device infected with the Android-Trojan.Koler.A virus and you can get to the list of apps without seeing the ransomware's screen, you may be in luck. Look for an app called BaDoink and uninstall it. If you can manage to do that, you’re probably free of the virus. However, if BaDoink’s window is constantly shown, you will have to restart the device in Safe Mode.
If you are using Android 4.1 and up:
- Long-press power button
- In the displayed menu, long-press “Power Off”
- Press “OK” to reboot into Safe Mode
If you are using Android 4.0 or lower:
- Long-press power button
- Press “Power Off” to shut down the device
- Long press power button to power on the device
- When the device is starting, keep holding Volume Down button until you see home screen
Once in Safe Mode:
- Locate BaDoink app
- Long press on the app and drag to the “Uninstall” button
- Reboot your device into normal mode
To ensure the security of your device, uncheck the “Unknown Sources” checkbox in the phone’s settings (usually on the “Security” screen). We also recommend that you only install apps from the Play Store. Not all apps there may be safe, but at least Google is doing its best to add some verification of the apps listed on the Play Store.
If you have any difficulty removing the virus from your device, please drop a comment including the name of your device and the version of Android OS.