
Canadians like to think of themselves as largely on the sidelines of major cyber attacks. However, this year we’ve seen at least one banking attack targeting us. Now comes word that mobile ransomware has been tailored to Android users here. It’s another warning that downloading apps from anywhere other than the Google Play store, unless it’s a highly reputable site, is dangerous.

Appthority, a San Francisco-based application risk analysis provider, said Monday that a person or group leveraging the Koler ransomware, which takes over users’ mobile devices, has fashioned an attack aimed at Canadians who visit porn sites. The payload is delivered by a movie viewer that users are asked to download. The sites can detect what country visitors come from and deliver a viewer with one of two malware packages. Like any ransomware, after installation the malware falsely notifies the victim that their device has been found to contain illegal content, so the device owner has to pay a fine.

The twist is it includes a warning screen claiming to be from the RCMP. Until now the Koler campaign has used a phoney warning from the FBI.

[Fig 1.2: images from Appthority]

To ensure that device owners don’t panic and throw the device away or completely disconnect it from the network, the notification warns that information from the device has already been uploaded and any attempts to dispose of the device would be futile, says Appthority. The user’s device is locked and the user is then asked to pay a fine (ransom) in order to unlock their device.

In an interview Tuesday company founder and co-president Domingo Guerra said its threat research team began seeing evidence of the Canadian-targeted threat about two and a half weeks ago.

Those behind the Koler ransomware appear to be from Eastern Europe, he said, but the company can’t say if it’s one group.

He couldn’t say how many devices have been infected with the Canadian version of the ransomware. One problem is those infected are likely reluctant to notify security vendors or police because they’d have to acknowledge going to a porn site.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

1 COMMENT

  1. You are late with this news… we have been working on a solution for 14 months here in Canada. There are 6 different versions of this malware…
