Site icon IT World Canada

Ransomware using phoney RCMP warning has been detected

Suitcase with Cash

Image from Shutterstock.com

Canadians like to think of themselves as largely on the sidelines of major cyber attacks. However, this year we’ve seen at least one banking attack targeting us. Now comes word that mobile ransomware has been tailored to Android users here. It’s another warning that downloading apps from anywhere other than the Google Play store — unless its a highly reputable site — is dangerous.

Appthority, a San Francisco-based application risk analysis provider, said Monday that a person or group leveraging the Koler ransomware that takes over user mobile devices has fashioned an attack aimed at Canadians who visit porn sites. The payload is delivered by a movie viewer users are asked to download. The sites can detect what country visitors come from and delivers a viewer with one of two malware packages. Like any ransomware, after installation the malware falsely notifies the victim that their device has been found to contain illegal content, so the device owner has to pay a fine.

The twist is it includes a warning screen claiming to be from the RCMP. Until now the Koler campaign has used a phoney warning from the FBI.

(Images from Appthority)

To ensure that device owners don’t panic and throw it away or completely disconnect from the network, the notification includes warns that information from the device has already been uploaded and any attempts to dispose of the device would be futile, says Appthority.  The user’s device is locked and the user is then asked to pay a fine (ransom) in order to unlock their device.

In an interview Tuesday company founder and co-president Domingo Guerra said its threat research team began seeing evidence of the Canadian-targeted threat about two and a half weeks ago.

Those behind the Koler ransomware appear to be from Eastern Europe, he said, but the company can’t say if its one group.

He couldn’t say how many devices have been infected with the Canadian version of the ransomware. One problem is those infected are likely reluctant to notify security vendors or police because they’d have to acknowledge going to a porn site.

Exit mobile version