Koler Android Trojan
- Published 4 May 2014
- malwareup.org
In today's video I take a look at a new ransomware trojan for Android called Koler. Koler very closely resembles the Reveton/Moneypak desktop locking ransomware found on Windows. When closed, Koler will open its block page every few seconds, making device use nearly impossible. While not always feasible, it is possible to open some type of task manager and kill the "BaDoink" process.
I apologize for the lack of videos lately, I've been pretty busy with classes and the semester ending so I haven't had much time to make these videos. - Science and Technology
"Let's just install our animal porn" Never thought I'd hear that.
"consequences will never be the same
cyber police"
fucking dead lol
The best part is how "be the same" is absolutely tiny in comparison to the rest.
As someone who works with cellphones, it's amazing how many times I have had to remove this thing from customers' phones...
I had a similar trojan on my Sony Xperia Tipo, much more persistent than the Koler trojan. I wasn't able to remove it, no antimalware could remove it, so I just factory reset the device and it was gone.
So you had to remove... That APK file too? xDD How would they explain that? Or would it be named something else?
Well that tells me what people like
3:22 anyone else notice that it says "your computer will be blocked" instead of "your phone will be blocked"? fail.
Yup haha
lol
a phone is a computer
*****
what???
Scrap Mail a computer computes things. a phone computes things. a phone is just a mobile computer, not quite a laptop, but more functionality than a calculator.
OH SHIT, OBAMA'S POINTING AT YOU
Almost as scary as going to one of those shit haunted houses.
It would be fucking spooky as Hell if it was Uncle Sam
Ecohazard118 since Trump is the president will it show him now :/...?
I think at the point when your animal porn pack asks for full control of your phone, you would shut it down. Are people really that desperate for bestiality?
Miles "Tails" Prower
*Judge*
>consequences will never be the same
Topkek
ROFL
I laughed at Cyber Police being there but when I saw it said Consequences will never be the same I just choked on my cereal.
Just boot it into safe mode.
***** Maybe he gave it administrator rights.
***** Some time ago I had an app using admin rights to change the pincode. Even after booting it into safe mode I could not uninstall it so I had to do a full wipe using the recovery.
***** Yeah it just loads the preinstalled apps but it seems that admin rights can avoid it.
That police badge is hilarious!
Ikr
FYI Rogue if you're running 4.4 you can use the built in recording feature.
Consequences will never be the- _are you fucking kidding me...?_
Mareepu no I'm not. why?
if you are rooted can't you just plug the phone into the computer and delete the badoink apk or what ever its called straight from the computer?
Can't you reboot into safe mode and remove this? (to boot into safe mode hold the power button and then hold the reboot button on the power menu and click ok)
Does it work if I just plug it in the computer and move the file to C:/$RECYCLE$ (RECYCLE BIN) I didn't get infected but I'm just asking.
You do know that on most android systems now, if you hold down power off on the screen on the power off menu, it will open a dialog box 'reboot in safe mode?'. This will disable all startup applications and allow you to run MalwareBytes quite easily.
Couldn't you run the device in Airplane Mode so it cannot connect to its server, kill the process, then run Malwarebytes Mobile?
Where do you get that task manager program?
Could the user not use ADB and pull the app/delete from the device?
Of course, not everyone would know what to do but it would beat having to factory reset or flash a new ROM.
If you have TWRP recovery you could also delete it with its file manager, which should be easier than ADB.
I'm not really up to date with tech terms, but if you're talking about using a computer to search through the phone's file manager via USB, then theoretically you can by just deleting the apk off the phone. Androids can not get a virus which makes it 100000 times easier to remove because it's just a Trojan that stays with the defected file.
What rim do you have rogueamp?
rogueamp how are you recording your phone if you have a virus in the background? virtual machine?
I think an emulator. Idk, I'm not him.
If you enable developer options, you could enable a shortcut that allows you to kill apps by holding the back button. There is also another option, whose name I forgot, which allows you to force quit and wipe app data via task list.
Rogue I need help. I downloaded some crap off google play and I keep getting "senddroid notifications" which are all fake and/or spam
Is Rogueamp really from Flower Mound, TX or is that a fake IP?
Safe mode should usually work, it's pretty much the same as the Windows one, disables third-party apps and services, one downside is that the widgets on your launcher might be reset, but again that's just a minor issue.
What happens if you enter the wrong code three times?
Couldn't you restart the phone and open task manager as soon as possible to kill it?
This just teaches you not to download furry p0rn.
If you can find some online then okay.
Anyone else wondering who, where, why and how somebody discovered a trojan with that name...?
could u use
Android
Debug
Bridge
Ya know, you could've gone to the launcher, long pressed on "BaDoink", went to app info, and uninstalled from there, right?
You should see what happens after you wait the time period until arrest and see if it does anything.
What kind of android phone do you have?
Can some knows how to unlock the prism from a tablet reset bottom isnt working
What android emulator do you use?
This happened to my phone, it just popped up without me downloading anything. My phone has been acting up the past days, idk what to do
Can't you just connect your Android device to your computer and use some antimalware program from the computer to scan your device, and remove this trojan?
Hey rogueamp, will you take a look at some android fake AVs? Like Virus Shield, Skulls antivirus or something like that?
He did two fake AVs for android already (Armor for Android and some other one), if you meant if he can look at more then I'd also like to see some of that. Too bad android malware is boring 99% of the time...
I have in mind making a bunch of boring android malware in one video, because it wouldn't make sense to record a dedicated video for just one useless malware app.
can u do the phone videos in landscape instead of portrait?
Widescreen ftw!
depends if the app supports it
Banned From Life it depends if the ogrelord loves me
I rhink found this on malware did it gave you an option to reload?
Adrian Dezendegui This isn't malware..
+Roth Gaming (TheLonelyGamer) IT A VURIS! A VURISSS!!!!!
what is droid VNC server.
I have seen the SAME thing on my Windows 7 Computer. It blocked my browser (Google Chrome).
I think that's why I backup often using the ClockWorkMod tool, if something like this were to happen to my phone I'd possibly reflash it using a CWM backup.
Best option is like you said, to avoid using external applications outside of the Google Play Store, but even then, it's more helpful to be protected from things like this (using Lookout Android Security and Antivirus for Android 3.2.0 myself)
From Android 4.4 ADB now has a function to do screen recording from the phone. Would it make things smoother? I don't exactly know.
i was looking for some help on the fbi virus but while looking on my HTC Desire i found something i had never seen before with all my apps. it was called browser update. i didn't know what it was so i deleted it, now the virus has gone. luckily it's an old android phone so it's a bit slow but it worked in my favour, i deleted the virus before it started up. so if you get a fbi virus keep an eye out for an app called browser update, hope that helps.
You could also kill it remotely over the Android Debug Bridge if you have it enabled...
Enjoyed! Keep them coming!
Did you know you can emulate Android
dual window?
u can adb uninstall if u enabled debugging
I remember when i had a windows version of this from looking at porn (early 2013) it took over the whole screen and no way to exit. I had to reinstall Windows because i didn't know how to fix it.
why didn't you emulate android?
+Antonio Rodarte (DiamondEevee) i think this is emulated
I've always wondered what would happen if you typed in a $5 code...
What the hell kind of ROM is that?
how to remove the fbi virus in my samsung tablet ?
i just wonder what is his cellphone provider thinking...
What phone does he have?
how did you get task manager and file manager?
Google Play
Google Play, but they are pre-installed on most custom ROMs. By the looks of things, rogueamp is using either Cyanogenmod or another ROM based on it.
Read the vid description, hope you did well on your finals, Rogue. I'm in the same boat.
"Obama is pointing at you" lol
I got the Finnish version of this malware on my phone like 2 years ago. Stupid me tried to download a game from the internet and downloaded some game that added a sketchy system update notification on my phone. Then I tried to install the "update" and soon Sauli Niinistö was staring at me through the screen with my IP address below him. I managed to remove the virus by booting into safe mode and factory resetting from the service menu.
Why didn't you try to uninstall it manually then delete the .apk file?
You also can long press the power button then long press the Shut Down option and reboot in Safe Mode where no external apps can run except the system ones.
+Ticomfreak But some stock ROMs do it too
That's what i thought.
That picture of Zapdos, its amazing
Wasn't it from Sonichu?
@BatterMontaguemusic Six years late, but yes, yes it was.
"Virgin Mobile" oh.
Your voice sounds like the audio has been heavily compressed.
You're from Texas?
Yoooo Cybervision, never expected to see you here.
or, you are going to wish you could dual-boot with windows mobile or Firefox OS to remove the app from there.
What happened to your intros on every video ?
couldn't you reboot the phone and it would end the process?
No, it's set to start up on reboot.
ah.
Do u now how to fix my pic it has Trojan into computer lags so bed
Grammar Nazis are having a field day right now.
Translation; do you know how to fix my PC it has a probable Trojan in it.
Answer: specify
I have no taskmanager. And what I do now?
Ben_kalleLP Hold the power button in your device. A window appears. Then hold "Power off" option in the window that appeared. Click OK then your phone will reboot. Finally you can manually delete the malicious files and the malicious app.
The badge beats everything
wait wtf why is there a file called animalporn.apk
Couldn't you just use bluestacks? Vnc is kinda choppy :p
What phone is he using?
it's either of those because i recognize the design of this phone and these came out in 2011
holy shit did they seriously look up "cyber police badge" and believed it was a real one
I CAN'T GET THIS TO RUN!
How u do that with a Samsung Galaxy device
Turn off your phone then reboot it. When it's rebooting keep pressing the "menu" button on the left side (for Samsung ga3), that will turn safe mode on, then you can go to your files, find the virus and get rid of it.
I could do that with a galaxy s3
works 100%
thank you !!!!
a quick adb can remove this as long as the trojan doesn't ask for root permission you're fine....
fantastic.
Jessy Slaughter badge? Really? Are they even trying?
definitely the way Rogue's going to be in future
Why do they want money packs?
It's ransomware and money packs are anonymous to send.
moneypak is harder to trace than credit card
im pretty sure that all android devices have a task manager by default.
Not the Xperia u and the google nexus 7
nope but many oems do
Where did you download it man? cause i want to prank up my friends.
it's ok i know how to format the phone using the computer. but thanks for the information.
sorry for my english dude.
I laughed so hard at the badge!
Teh Engrish! It burns!
You could download Clean Master from CM Mobile, it can end all the apps from one click
No you shill
It's the Cyber Police! Ya dun goofed.
You should try "Best Antivirus" adware. I got it once.
That happens to me on mediafire it takes me to fake scammers and says I'll be in jail for banned and underage things
ItZ ReDz 😂😂😂😂
Sterling Joseph the internet for you screw you scammers
I guess the name Koler is supposed to be a reference to the toilet brand Kohler.
MoneyPak how original e.e
It's supposed to be a way to transfer money to PayPal instead of using a credit card but it's abused by cyber criminals the same way wire transfers are abused by scammers
***** Thanks :P
Huh. I live closer to you than I thought. San Antonio here
You can always go to safe mode on android and uninstall that sgit
His isp is Verizon wireless
Only Do On Android Emulator
Try and do the GameOver Zeus trojan. It looks through your financial data and if it finds any credit card information/phone numbers/names it will open up CryptoLocker.
BaDoink. Such a good name!
Bad oink.
CommentChannel yep.
It's the name of an old porn site, but not the kind which served animal porn.
is that zello I see
Hi bro
I use spynote v5
A want to delete sms from victim phone without root and device Admin
Can you help me ?
And i think i can use android terminal with payload
Tnx