Canadian users infected by mobile ransomware after visiting adult content websites
Canadian mobile users were targeted by the latest variant of the Koler Android mobile ransomware after visiting websites offering adult content.
Once again, visitors to websites offering adult content are being targeted by cyber criminals. Last week a malvertising campaign hit visitors of the adult website XHamster; now Canadian Internet users have been targeted by a malicious campaign spreading mobile ransomware.
Cyber criminals used a recent variant of the Koler Android mobile ransomware, which displays a warning message that pretends to be from the Royal Canadian Mounted Police. The message warns users that they are under investigation by Canadian authorities, who have locked their system.
“This is the first one that we’ve seen specifically targeting Canadian citizens,” said Domingo Guerra, founder of the mobile security company Appthority.
The experts explained that the bad actors behind the malicious campaign set up bogus websites pretending to offer adult content, or exploited ads on minor websites offering similar content.
When unaware users visit the malicious website, they are tricked into thinking that they are downloading a video viewer to display the adult content on their mobile devices. In reality they are installing mobile ransomware that is localized for the victim's region.
The extortion scheme adopted by the cyber criminals is not limited to locking the mobile device: the crooks also threaten to inform victims' contacts that they have been viewing adult websites if they don't pay a fee (“the ransom”). This tactic discourages victims from reporting the scam to law enforcement and induces them to pay the fee, which ranges from $100 up to around $500.
“This plays not just on the security aspect, but the shame of being caught,” said Guerra. “But they’re embarrassed because it’s a pornography site, so they don’t want to tell anyone.”
Guerra explained that some categories of users are more exposed to these frauds, such as senior corporate executives who, fearing embarrassment, decide to pay.
Guerra warns victims that in many cases the cyber criminals have no capability to unlock the phone, nor to send messages to the victim’s contacts. The expert also explained that in some cases victims can recover their mobile device simply by booting it in safe mode and deleting the app that locked it.
“Most of the time there is a way to unlock it without paying the ransom,” he said. “You boot the phone in safe mode, delete the app, then reset the phone.”
Guerra also highlighted that the samples of mobile ransomware he has analyzed don’t implement file encryption to lock the user’s documents.
“They claim to do that, but they actually don’t,” Guerra said. “It was just a trick.”
As usual, to avoid falling victim to these scams it is important to be aware of the threat and to maintain a proper security posture, especially in the workplace. Do not open unsolicited emails or download apps from third-party stores.