Screenshot thanks to Bitdefender

Android Porn Viewers Held Hostage by Virus


If you decide to spend some of your private time watching porn from your Android phone or tablet, you might find yourself held for ransom by a new virus being spotted by users worldwide. Your device becomes basically useless until you pay a $300 “fine” to the hackers via an untraceable payment service.

The virus, known as Android-Trojan.Koler.A, will tell the infected user that they are being charged by their local government (the user’s country is detected by their IP address) for having viewed illegal pornography. It claims that the only way to avoid losing access to their phone and potential further issues is to pay the so-called fine. This Trojan was first reported by independent malware researcher Kafeine and has been spotted by Bitdefender as well.

While viewing one of supposedly 200 or more porn sites, the user will be told that they must download a media player called “BaDoink” in order to view premium videos. Savvy browsers usually know better than to just install an application on a prompt like this without knowing what it is, especially since it is a direct download rather than through the Google Play Store. By default, you have to alter your security settings to even make this possible. As gullible as the infected users may seem, we understand that they may have been caught with their metaphorical (or literal) pants down.

Once infected, users will be unable to use their back key and the app will tell them that their device storage has been encrypted. As a matter of fact, it has not been encrypted; Android’s security permissions do not allow that kind of access for apps. However, you cannot navigate to your home screen for more than 5 seconds before the warning prompt reappears. To some extent, it should be rather effective against users who do not know how to uninstall the app or who just take the virus’s word that their files have been encrypted.

If you (or your “friend”) have been infected, uninstallation is not as hard as it seems. Do not pay the fine! You don’t need to. In that 5-second period between your press of the home screen key and the virus’s next prompt, you need to manually uninstall it. The easiest way to do this quickly is:

  1. If it didn’t appear there automatically, find and drag the BaDoink app icon to your default home screen. This may take the entire 5 seconds.
  2. Once it is there, press and hold on the BaDoink icon and drag it to the top of the screen where most devices have an “uninstall” icon. Nova, Apex, and some third-party launchers will bring up the uninstall option when you press, hold, and then release. Some other devices may require you to find BaDoink in your app drawer (that place where ALL of your apps are) and then go through the drag and drop process to the uninstall icon.
  3. If you can’t find the uninstall icon or your device doesn’t make this feature handy, you can boot your phone into safe mode. On Android 4.1 or higher, press and hold your power button until you get the restart menu. Press and hold on the “power off” option until you are asked if you want to boot into safe mode. Say yes! On older devices, holding VolUp+VolDown+Power for 10 or so seconds usually accomplishes this task. Don’t be afraid to search for info on your specific device if you are having problems.
  4. Once in safe mode, only the apps that came with your phone will work. Go to settings, then apps, then find BaDoink in the app list. Tap on it and then hit “uninstall” on the next screen.
  5. Reboot your phone to get back to normal.

Android’s security settings make it pretty difficult to pull off this kind of operation any more effectively than this one does, but it obviously could take advantage of users that don’t know these processes or the fact that you should not download shady apps via direct download from porn sites. Bitdefender believes this virus is a test run of sorts by some well-known malware creators who are attempting to see how much money can be made from this kind of scheme.
