Beware : New Android Worm Spreads Via SMS

android smas worm

Security researchers has discovered a new android worm, variant of Koler ransomware is spreading via SMS. The researchers called the new variant as worm.koler.

How It Infects A User ?

This koler variant uses a new strategy to spread the infection. The varient is capable of self-replication via SMS messages which are sent to contacts in the address book of an infected device containing a bit.ly URL.


Normally, the koler worm first infects a user from a malicious pornographic site. Then it sends SMS to all the contacts from the infected phone to spread the malware.

The malicious SMS states "someone made a profile  named -Luca Pelliciari- and he uploaded some of your photos! is that  you? http://bit.ly/xxxxxx"

When a potential victim clicks on the link, the user is redirected to a DropBox page that offers user to download a ’PhotoViewer’ app. Once installed, it blocks user‘s screen with a fake FBI page, which states the device has been blocked for containing child pornography and zoophilia.


So the user won’t be able to close the window, or deactivate the malware through the app manager. The victim is forced to buy a voucher as instructed on the blocking page, and send the voucher code to a malware author.

AdaptiveMobile said "If you are unfortunately infected by the malware, you should never pay the ransom, as it won’t guarantee the unlocking of your device, and it will further encourage criminals to participate such ransom activity."

Is There Any Other Way To Remove The Malware ?

You can use following steps to remove the malware:
  • Reboot phone into “Safe Mode”.Common device requirements are to hold volume up and volume down button simultaneously when restarting.
  • Remove the ‘PhotoViewer’ app using standard Android app uninstallation tool.

No comments

Powered by Blogger.