By navigating our site, you agree to allow us to use cookies, in accordance with our Privacy Policy.

Kaspersky Lab found Koler ‘police’ malware targeting mobiles and PCs


Kaspersky Lab has found a new hidden malware od a malicious campaign, introduced Koler ‘police’ mobile ransomware for Android devices to the world in April 2014. The malware consists of browser based ransomware and an exploit kit. The attackers first scan the system of a user and then deliver customised ransomware depending on the location and the device of the user. As soon as the victim visit any of the 48 malicious porno websites used by Koler’s operators the ransomware starts. It will ask he victims to pay a certain amount of fine for viewing this pornographic content. These attackers disguise them as the authorities and demand for the money.

The pornographic sites redirect the users to the Keitaro Traffic Distribution System (TDS) and this second redirection will lead to three different types of malicious scenarios. In the first case, it will install the Koler mobile ransomware. Tis will install the infected Koler app on the users’ mobile device. After the complete process of installation it blocks the screen of an infected device and requests a ransom of between $100 and $300 in order to unlock it. In the second case, it will attack through the browser. It will approach the user via pop-up windows. Once the user clicks on them then the screen gets blocked. Lastly, the malware attacks through Angler Exploit Kit.

Talking about the new findings of the lab, Vicente Diaz, Principal Security Researcher at Kaspersky Lab, said, “Of most interest is the distribution network used in the campaign. Dozens of automatically generated websites redirect traffic to a central hub using a traffic distribution system where users are redirected again. We believe this infrastructure demonstrates just how well organized and dangerous this campaign is. The attackers can quickly create similar infrastructure thanks to full automation, changing the payload or targeting different users. The attackers have also thought up a number of ways of monetizing their campaign income in a truly multi-device scheme.”

The lab reports further highlights that almost 200,000 visitors have been infected with this ransomware. The lab also suggests some precautionary measures to the users. Always keep in mind that the police will never ask for any fine so don’t pay the attackers.  It is also advisable not to install ant app while browsing the internet. Don’t visit the websites you don’t trust and also install a trusted anti-virus on your device.


Heena Gupta

A reader at heart, this girl loves to express through writing. Her ears perk up as soon as she senses any tech molecule in the air. With the ability to use and navigate typical technologies she becomes a complete tech enthusiast. This post graduate in Mass Communication lives in the world of gadgets. Fiction, history and cartoons keep her busy in the free time. Her urge to grow mixed with excellent writing skills forces us to have her as a part of our workforce.

Related Articles

Upcoming Events