One example of the Koler variant.

Image Source: The Hacker News

Koler targets Android OS and spreads via infected websites and SMS messages designed to trick recipients into clicking on a malicious link hidden behind a URL shortener. It blocks the device screen with a persistent window showing a fake law enforcement warning and a demand for payment in the form of MoneyPak prepaid debit cards. Despite ransom note claims, Koler does not actually encrypt any files on the device.

  • Information on how to remove Koler from an Android device can be found here.