Android users visiting adult sites on their phones have reportedly been targeted with ads for a fake PornHub app, infecting devices with a new variant of the Koler ransomware. The ransomware is not new and first emerged in 2014, when developers of the Reveton virus, which reportedly targeted Windows systems, created an Android counterpart and advertised it on Russian underground hacking forums.

Koler shares similarities with its Windows screen-locking ransomware predecessor, such as locking victims out of their devices and displaying an image purporting to be from the FBI, demanding that people pay a fine for visiting adult sites.

BleepingComputer reports that the new campaign spreading Koler was first spotted by ESET security researcher Lukas Stefanko. The researcher noted that the cybercriminals behind the campaign were pushing the fake PornHub app infected with the ransomware, targeting people visiting adult sites.

Victims visiting adult sites were duped into downloading the fake PornHub app, which in turn tricked users into allowing the malicious app to gain admin privileges. During the installation process, the fake app would execute clickjacking techniques – hijacking users' clicks/taps to grant itself admin rights.

Stefanko told BleepingComuter that a few years ago, Koler became one of the first Android ransomware strains to have incorporated clickjacking.

How to remove Koler ransomware

Fortunately, unlike some other ransomware strains that cannot be decrypted and removed easily, victims of Koler can get rid of the malware relatively easily. Koler can be removed only by rebooting the infected device in Safe Mode. Once the device has been reeboted, Koler's admin rights must be revoked and the fake PornHub app has to be uninstalled.

According to Stefanko, the Koler ransomware is currently only targeting Android users in the US. There are numerous strains of Android malware that have recently trapped hundreds of thousands of victims. Generally, such users' devices get infected with malware-laced apps downloaded from third-party sources. Despite Google's attempts to crack down on Android malware, this seems to be a prevalent threat. It is highly recommended that users avoid downloading apps from unknown third parties to remain safe from such intrusions.