Warning: Android users who visit adult sites targeted in new ransomware attack


If you watch porn from your smartphone you may be the target of a new ransomware attack.

Android users are being warned about a form of ransomware that is disguised as a fake app for the adult site PornHub, which is one of the most popular sites of its kinds.

The app contains a strain of the Koler ransomware, with users tricked into downloading the app by clicking on advertisements displayed on other porn sites, security researcher Lakas Stefanko from ESET told Bleeping Computer.

The Koler ransomware tricks users into paying a ransom by displaying a fake legal notice, normally from a government or law enforcement organisation.

Once the user has downloaded the app, their device would then be infected, with the ransomware able to give itself full administrative rights, meaning it can take complete control of the infected device.

In this case, the ransomware displays a notice which claims to be from the FBI and tells the user that they have visited a “forbidden pornographic website” and that their device has been locked. To unlock the device they will need to send payment of $500 within three days.

Fortunately this particular ransomware is fairly easy to avoid and is only targeting users who allow installation of third party apps.

Providing you only download apps from the Google Play Store, you should be safe.

For those that think their phone is already infected, the Koler ransomware is a little trickier to remove.

Users are advised to reboot their phone in safe mode. You can do this by holding down the power button until it asks you if you want to shut down your phone.

However, rather than pressing OK, press and hold the power button once more and it will give you an option to reboot in safe mode.

Once you’re in safe mode you should be able to revoke the admin rights of the ransomware and remove the fake PornHub app.


Comments are closed.