PornHub App Leaves a Rash, of Ransomware

Ransomware targeted U.S. users of adult websites.

A version of the Koler ransomware has been targeting U.S. users of adult-themed websites. The original version of Koler was created in 2014 by the same group behind the Reveton Windows ransomware. It has since been seen several times over the years.

The current campaign is disguised as a PornHub app. For the last week, this fake app has been advertised on various shady adult websites.

Upon installing the fake app, victims are presented with a screen asking them to click a “continue” button. There is no option to cancel the operation. In a method known as clickjacking, clicking the continue button actually gives the app administrative access to the device. This is all that is needed to overlay the ransom message on the user’s device, allowing no other action to be taken.

Luckily, this method of ransomware is easy enough to remove, provided the user knows how. Users need to boot the phone into safe mode, remove the ransomware’s user from the admin group, and uninstall the fake PornHub app.

I wonder if the method of delivery was purposeful, in that many people will not ask for help given they were infected from a pornographic application. In any event, we can be sure that this will not be the last we see of Koler.





Founder & Owner of UTB Blogs. Former BlackBerry Elite. When I'm not talking or writing about BlackBerry, you'll find me using my BlackBerry.