05 Nov

November 2014 – New Android SMS Virus doing the rounds..

As you know, we only write twelve newsletters a year, but it seems as soon as we finish one the next one is due! How time flies!

This last month has been somewhat ‘quieter’ than previous months, although with all the celebrity data breaches, security of information has risen to the top of the IT ‘hit list’.

Last month we saw a new ‘ransomware’ virus hitting users of the Android operating system, known as the ‘Koler worm’. This worm spreads itself via text messages and holds the victim’s infected device hostage until a ransom is paid.

It spreads as a worm by attempting to trick users into opening a shortened bit.ly URL. Once installed, it sends an SMS to everyone in your contact list saying “Someone made a profile named -[the contact’s name]- and he uploaded some of your photos! is that you?” followed by a Bitly link, so they can become infected as well.

Once installed, the worm locks the victim’s mobile screen and demands money, using fake notifications from law enforcement agencies that accuse users of viewing and storing child pornography.

“The victim is forced to buy a voucher as instructed on the blocking page, and send the voucher code to a malware author.”

“Due to the Worm.Koler’s SMS distribution mechanism, we are seeing a rapid spread of infected devices since the 19th of October, which we believe to be the original outbreak date. During this short period, we have detected several hundred phones that exhibit signs of infection, across multiple US carriers. In addition to this, other mobile operators worldwide, predominantly in the Middle East, have been affected by this malware.”

If users suspect they are infected by the malware, they should never authorize any payment: it won’t guarantee the unlocking of the device, and it will further encourage cyber criminals to carry out such ransomware practices again and again.

According to security firms, Koler does not encrypt files, so users can easily eliminate the threat from their infected devices by following two simple steps:

  • Reboot your phone in “Safe Mode”
  • Remove the ‘PhotoViewer’ app using the standard Android app uninstallation tool

This particular worm should be treated as a ‘wake up call’ for all Android users. The payload could have been MUCH worse.

To protect yourself from such threats in future, the best practice is to keep the “Unknown Sources” option turned off in your Android device’s security settings menu. With this option turned off, users cannot install applications from unknown sources, only from the official Google Play store.

The other thing you should do is talk to us here at EtherTech about our Trend Micro Mobile Security and Anti Virus solution for Android, which will prevent these malicious sites from getting into your devices. At $5.50 per month per device, it’s pretty cheap insurance.

Until next month!.. Happy internetting..