New Mobile Malware Threat

Category: Mobile , Security

A well-known predator named “Koler” has ramped up its game from “drive-by download” to “self-replicating virus,” accelerating the spread of this ransomware from one smartphone to all its owner’s contacts. Read on to learn about a secret feature that will zap this and other mobile malware apps...

Got Koler Mobile Ransomware? Don’t Panic!

Regular readers of this site may remember my article about Cryptolocker, a desktop malware menace that locks your computer, scrambles your files, and demands payment to restore access.

Likewise, Koler is mobile malware targeting Android smartphones and tablets, which extorts ransom from its victims, telling them their data has been encrypted and the key will cost money.

But don’t panic. Koler is mostly bluff, a serious nuisance, but one that’s essentially toothless and easily banished if you know a little “secret” about Android that even I wasn’t aware of until recently. (Be sure to see my rant below about "unknown sources" too...)

Koler Android Malware

Koler has been known to security researchers since May, 2014. In its original form it seized control of an infected Android device, freezing everything and displaying a screen that demanded payment for unlocking the device. Koler infected Android devices by the classic “Trojan horse” ploy, masquerading as a benign app available for free download on numerous Web sites. But now it’s self-replicating, and that changes the game dramatically.

When the new Koler infects a device it still does its “stand and deliver” ransomware thing. A scary-looking image blocks your screen, pretends to be a message from the FBI, accuses you of viewing and/or storing vile materials on your phone, and demands payment in lieu of prosecution.

But also, it’s busy in the background sending text messages to all of the contacts stored on the infected device. It tells your friends, family, and associates that you have posted photos of them online and provides a link to the page where they can view themselves. That page, of course, has no photos but only a link that will trigger the downloading and execution of Koler on the new victims’ devices.

Time to Panic?

Denis Maslennikov, a security analyst with AdaptiveMobile, told TechNewsWorld, "This is the first time we've seen self-replicating ransomware on Android." Time to panic, right?

First, Koler (and almost ALL other Android malware that I'm aware of) can be installed ONLY if the user has modified their settings to specifically allow software to be installed from "unknown sources," which means sources other than the official Google Play Store. Click on Settings, then Security on your device. (On my Samsung Galaxy, I have to tap "More" to find the Security option under Settings.)

The factory setting for "Unknown sources" is OFF, and it should stay that way, unless you absolutely must install a trusted app from a third-party source. In such a case, remember to turn this setting back to OFF after allowing the install. It irritates me to no end that tech writers, researchers and security analysts (who should know better) almost NEVER mention this very important fact.

Here's a second reason not to panic. Even if you do take the bait, your data is not encrypted; that’s a bluff. It won’t be wiped out forever if you don’t pay the ransom. You can access all of your data as usual and eradicate Koler if you know about Android’s semi-secret “reboot to safe mode” feature. I've been using Android phones for years, and I didn't learn about this until recently.

Most tablet and smartphone users don’t know about safe mode. They assume the only way to get rid of Koler is to do a factory reset, which wipes out all user data entered since the phone was activated. But in safe mode, all third-party apps are temporarily disabled, including Koler. Then you can use Android’s built-in uninstall tool to remove “Photoviewer” -- the alias used by Koler. When you reboot again in normal mode, Koler will be gone.

To uninstall an app on your Android device, first open Settings, then Apps or Application Manager. (You may have to click the More tab to find it.) Tap the app you’d like to uninstall, then tap the Uninstall button. And poof, the stain's gone in the first wash!

How to Use Android's Safe Mode

If your device is ON: Press and hold the power button until the menu appears. Next, tap AND HOLD the Power Off button for a second or so, until the "Restart in Safe Mode" menu appears. Tap the "Turn On Safe Mode" button.

If your device is OFF: Press and hold the power-on button. As soon as the first screen or logo appears, press and hold the volume-down button simultaneously when restarting. On some devices, you'll need to press and hold BOTH the volume-up and volume-down buttons at once. On others, you need to press and hold the menu button. If that doesn't do the trick, search online for device-specific instructions on rebooting in safe mode.

When your device starts up in Safe Mode, you'll see "Safe Mode" in the lower left corner of the display. No third-party apps will be loaded when you start up in Safe Mode, nor will they appear on your Home screens. Restarting your phone normally will get you out of Safe Mode.

So Koler, the latest Android malware scare, is nothing to worry about if you follow my tip about not installing apps from unknown sources. And even if you or a friend does fall for this or a similar trick, now you know what to do.

Your thoughts on this topic are welcome. Post your comment or question below...

Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Check out other articles in this category:

Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 30 Oct 2014

For Fun: Buy Bob a Snickers.

Prev Article:
Geekly Update - 29 October 2014

The Top Twenty
Next Article:
Microsoft’s Time(piece) Has Come

Most recent comments on "New Mobile Malware Threat"

Posted by:

Cary A
30 Oct 2014

After I restart my Android device in Safe Mode, how do I get rid of Koler?

Posted by:

30 Oct 2014

I use 12 Androids for a special 3rd party install
Have always checked the allow to download...
Never thought of unchecking after install....

thanks, Will do it now

Posted by:

30 Oct 2014

How about non-phone Android devices, e.g. Kindle Fire?

Posted by:

30 Oct 2014

Just FYI, the first method to restart in Safe Mode did not work on my Note 3. However, the second method did. Just hold that down button. Don't have to do both power and down simultaneously. I have no idea what version of android I have.

Posted by:

30 Oct 2014

Cary, read Bob's post it tells you how to remove KOLER.

Posted by:

30 Oct 2014

Great tip! Thanks Bob.
"How to start in Safe Mode" really ought to be added to the manual of every Android phone!

Posted by:

The 146%
30 Oct 2014

I found a different way to initiate safe mode on android version 2.3.x for Motorola phones and Kindle Fire HD, first generation version 7.5.x:

Power the device up.
When you see the first screen, count 3 seconds then press and hold both volume buttons.
Keep holding until you see safe mode on lock screen.

The instructions I found only mentioned the phone but I just wanted to try it out on a Kindle and it worked on it as well. You may have different results.

Posted by:

Elizabeth Landry
31 Oct 2014

Dear Bob,
Thank you for everything you do to help people. I am going to save this article for future reference. You are truly our Super Cyber Hero. Peace, E

Posted by:

31 Oct 2014

Yes, thank you Bob for all your info. New to Android here. And disappointed at what it can do. As I was disappointed with Linux OSs. When Windows 7 is no longer supported, I'll dual boot with Linux and will intensely study your Learn Linux pages. At the present this laptop dual boots Windows 7 and XP. Due to paying older games.

Posted by:

George Hilton
31 Oct 2014

Seems that there are more methods of getting into "SAFE MODE" than there are versions of Android! None of the above work for 2.3.5 onboard a Samsung tablet. Maybe its a "phone thing"

Posted by:

01 Nov 2014

Whoa...went right into settings and turned off the permission to install apps from unknown sources. Thanks again for putting this information in plain English! Still working on the start or restart in "safe" mode (Samsung Galaxy Note ) will be keeping that for future reference. You are the best... :)

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
About Us     Privacy Policy     RSS/XML

Article information: AskBobRankin -- New Mobile Malware Threat (Posted: 30 Oct 2014)
Copyright © 2005 - Bob Rankin - All Rights Reserved