FBI virus (also known as “Android porn” or “Adult Player” virus) now affects Android mobile phones as well. It is classified as ransomware because it locks certain of your files and asks you to pay money to unlock them. It is also known as the Trojan Koler malware, and if your smartphone is infected with it, you will see a message like this: “ATTENTION! Your phone has been blocked up for safety reasons”. The message claims to be sent by a law enforcement agency (FBI, Australian Federal Police, Metropolitan Police, U.S. Department of Justice) and asks you to pay a fine using one of the following payment systems: GreenDot MoneyPak, Ukash or Paysafecard.
This virus spreads around the Internet via infected websites. If you are visiting a suspicious-looking website and are offered a video player application to install, do not install it, as it may be FBI Android ransomware. This virus can only get onto your mobile phone or tablet if you have changed your security settings to allow installation of apps from unknown sources, because FBI Android virus is not available in the Google Play Store. It can also be installed in place of some legitimate-looking software, for example an Adobe Flash Player update or similar. If you want to avoid getting infected with FBI Android ransomware, be very careful when browsing the Internet on your mobile device and avoid suspicious-looking websites.
The message informs you, as if it were fact, that your phone or tablet was locked due to violations committed by the owner of the device, for example downloading prohibited content (pornography, copyrighted data and so on). Your mobile device will be completely locked and you will not be able to use it until this virus is removed for good. Every time you try to open an application or simply use your smartphone, you will be blocked and shown a warning message.
To be able to use your mobile device again, you will be asked to pay a fine (or a ransom) of approximately $300. The creators of this bogus message prefer the payment to be made using the MoneyPak, Ukash, Paysafecard or MoneyGram Xpress voucher payment systems, because it is more complicated to track them through these payment networks than through PayPal or other more popular payment systems.
This ransomware claims that it encrypts your files and that the only way to decrypt them is to pay a ransom. The good news is that this is not true. It does not encrypt your files; it just blocks you from using your mobile device by displaying a pop-over window with the warning message mentioned above. The problem is that, because of this pop-over window, you will not be able to reach your system settings and remove this malware from your device. Even rebooting and then trying to do this quickly does not work, because FBI Android virus starts very early, while your phone or tablet is still booting.
A lot of users get scared because this ransomware presents itself as a legitimate law enforcement institution. However, keep in mind that no official institution would ever do that. The message usually looks something like this (the language may vary depending on the infected device’s location):
“ATTENTION! Your phone has been blocked up for safety reasons listed below.
All the actions performed on this phone are fixed.
All your files are encrypted.
CONDUCTED AUDIO AND VIDEO.
You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc.) You have violated World Declaration on non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of United Stated of America criminal law.
Article 161 of United States of America criminal law provides for the punishment of deprivation of liberty for terms from 5 to 11 years.
Also, you are suspected of violation of “Copyright and Related rights Law” (downloading pof pirated music, video warez) and of use and/or dissemination of copyrighted content. Thus, you are suspected of violation of Article 148 of United States of America criminal law.
Article 148 of United States of America criminal law provides for the punishment of deprivation of liberty for terms from 3 to 7 years or 150 to 550 basic amounts fine.
It was from your phone, that unauthorized access had been stolen information of State importance and to data closed for public Internet access.
The penalty set must be paid in course of 48 hours as of the breach. On expiration of the term, 48 hours that follow will be used for automatic collection of data on yourself and your misconduct, and criminal case will be opened against you.
Amount of fine is 300$. You can settle the fine with MoneyPak xpress Packed vouchers.
As soon as the money arrives to Treasury account, you phone will be unblocked and all information will be decrypted in course of 24 hours.”
You should not pay a ransom to these scammers, because there are other ways to get rid of the virus. If you have already paid, please contact your banking service and try to get your money refunded. Don’t forget to mention that you have paid for a virus or have been scammed; this will improve your chances of getting your money back. If you haven’t paid yet and your Android phone is locked right now, please follow the instructions given below to get rid of the virus.
As reported lately, FBI Android ransomware can be removed from your device the same way as Simplelocker ransomware. The Avast Malware Removal app claims it can both remove the ransomware and decrypt encrypted files.
This is an older variant of ransomware, so it may no longer be actively distributed. If you get infected, the way out of this situation is described below. However, you are more likely to be infected by another virus of this type than by this one in particular. Since 2014, when FBI Android virus was first discovered, a lot has happened and such crypto-nightmares have become a regularly supplemented family.
How to uninstall FBI Android ransomware from your phone
1. Reboot your phone to Safe mode. Press your power button and then press and hold the “Power Off” option. If no other option appears quickly, then press “Reboot” instead of “Power off”. When you select to reboot your phone, a new window will pop up offering to reboot your phone into safe mode. Select “OK”.
If you have done this properly, you will see a “Safe Mode” watermark in the bottom left corner of your screen.
2. Uninstall FBI ransomware from your mobile device. Please note that FBI Android virus hides behind the name “BaDoink”, so you need to remove this application. Go to the settings menu, then click “Apps” or “Application manager”.
Search for the app called “BaDoink” (please note that in the future hackers can change this name, for example it can be called Video Player, Network Driver System, Video Render, etc.). Click on that app and select “uninstall”.
After this operation is done, you should see a confirmation message – click “Ok”.
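Because the app name can change, a more dependable way to find the culprit is to look for apps that did not come from the Google Play Store. The script below is an added example, not part of the original article: it filters the output of `pm list packages -3 -i` for third-party packages whose installer is not Google Play. It assumes adb is installed on a computer and USB debugging was already enabled on the phone; the package names in the sample listing are constructed.

```shell
#!/bin/sh
# Added example: list third-party packages that were NOT installed by
# the Google Play Store, i.e. apps sideloaded from "unknown sources".
# Input is the output of `pm list packages -3 -i`, one line per app:
#   package:<name>  installer=<installer package or null>

PLAY_STORE="com.android.vending"

# Reads the listing on stdin and prints the names of sideloaded packages.
sideloaded_packages() {
    # Older adb versions end lines with CR LF, so strip carriage returns.
    tr -d '\r' | awk -v store="$PLAY_STORE" '
        /^package:/ {
            pkg = $1
            sub(/^package:/, "", pkg)
            inst = ""
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^installer=/) {
                    inst = $i
                    sub(/^installer=/, "", inst)
                }
            }
            # A missing or "null" installer also counts as sideloaded.
            if (inst != store) print pkg
        }'
}

# Constructed sample listing; these package names are made up.
sample_listing() {
    cat <<'EOF'
package:com.example.notes  installer=com.android.vending
package:com.example.videoplayer  installer=null
package:org.example.maps  installer=com.android.vending
package:com.example.flashupdate  installer=com.android.packageinstaller
EOF
}

# On a real device booted into safe mode:
#   adb shell pm list packages -3 -i | sideloaded_packages
#   adb uninstall <package-name>
sample_listing | sideloaded_packages
```

Review each package it prints before uninstalling, since legitimately sideloaded apps appear in the same list.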
If you did all the steps correctly, your device should be unblocked by now. If you have any problems when trying to get rid of the virus, please post your questions as comments below this article.