One example of the Koler variant.

Image Source: The Hacker News

Koler targets Android OS and spreads via infected websites and SMS messages designed to trick recipients into clicking on a malicious link hidden behind a URL shortener. It blocks the device screen with a persistent window showing a fake law enforcement warning and a demand for payment in the form of MoneyPak prepaid debit cards. Despite ransom note claims, Koler does not actually encrypt any files on the device.

UPDATE 6/24/2017: A new Koler campaign aimed at U.S. Android device users surfaced in late June 2017.

  • Information on how to remove Koler from an Android device can be found here.