Mobile Security

Difficulty removing Koler Trojan or other ransomware on Android?

A new Android ransomware dubbed Koler has been spreading as a fake adult themed streaming service ‘BaDoink’ app.

Uncovered by security researcher Kafeine, Koler uses familiar “Police Locker” tactics to get victims to pay a ransom for unlocking their PC or device.

Traced back to the team that brought us the Reveton ransomware, Koler uses FBI and other police agency symbols to look legitimate, as well as carefully crafted text.


While your files and other data are not encrypted by Koler.a, the annoying browser page takes over as the active window.

Koler is delivered with site redirection, once installed and running the device is taken over by the ransom browser page, pressing the Home button or attempting to dismiss the page works for a very short time. The page will reappear when you attempt to open another app or within a few seconds.

This causes removal problems because you don’t have enough time to uninstall through normal methods.

The good news is you don’t have to pay the ransom to remove.

First off, Malwarebytes Anti-Malware Mobile detects as Android/Trojan.Koler.a and will prevent and remove this Trojan on your Android device.

However, at times there are race conditions where Koler’s page is up and has control of the screen or you might not have a security tool installed.

You can try the traditional method of going to the app tray and dragging the icon to the Uninstall/Remove area, but you have a limited amount of time before Koler resurfaces.


Safe Mode
The quickest manual solution would be to use Android’s Safe Mode, similar to Windows, Safe Mode is a diagnostic environment where third-party apps won’t load and you can remove.

Anyone see a theme here?

This slideshow requires JavaScript.

Booting to Safe Mode
Because of various Android updates and different device/carrier flavors I’ll provide two methods hopefully they’ll work for you. If they don’t, you will have to look up how to do it on your particular device.

Jellybean, Android 4.1 and up

  1. Power Button
  2. Long press Power Off on screen
  3. Press ‘OK’ to reboot to Safe Mode

Prior to Jellybean or above steps do not work.

  1. Power button
  2. Press ‘Power Off’ or ‘Restart’
  3. Restart if powered off
  4. Hold ‘Volume down’ button while booting up.

Once in Safe Mode

  1. Settings
  2. Apps
  3. Locate BaDoink app or any other app you want removed.
  4. Uninstall
  5. Restart device

To keep safe from such auto-download/install attacks on Android keep ‘Unknown Sources’ disabled and stick to trusted sources. The creators of the real BaDoink app are not behind these tactics, the app’s likeness was used.

2 thoughts on “Difficulty removing Koler Trojan or other ransomware on Android?

  1. 2934c37 says on May 10, 2014 at 9:29 pm :

    All these nonsecure os allow them to be screwed all day apple leads the way but not by example but by truth. Only because there os system is locked locks keep honest men honest honestly.
    I knew android was and is acceptable to all viruses coded to be repeat offenders
    as in the txt above thank you malwarebytes ive been fixing computers a long 14yrs and many changes to them throught times and always you are a first to second choice keep being the best. I WILL

  2. 2934c37 says on May 10, 2014 at 9:31 pm :

    also you can use android commander to remove the files in android that are not supposed to be there but root needs to be done first to run through the system deleting things

Leave a Reply

Subscribe to our YouTube Channel