Experts from US security firm Zscaler have found that a malicious “pornography” Android mobile app takes pictures of users secretly, locks their phone and demands $500 in ransom to unlock their device back.
What the porn app in question, named “Adult Player,” actually does is that once installed, it clicks an image of the user secretly from the front-camera of the device and starts displaying it on the ransomware screen along with a message demanding $500 (£326) to be paid via PayPal.
In return for the payment, hackers promise to unlock the device and delete all the photographs obtained.
Apparently once the ransom message appears it stay fixed on the mobile phone screen, even if the device is made to reboot. The ransomware does not allow the user to operate the device and keeps the screen active with ransom message.
“During the course of our daily malware hunt, we came across a new mobile ransomware variant that leverages pornography to lure victims into downloading and installing it,” noted Zscaler security researcher Shivang Desai in a blog post.
“This ransomware acts as a porn app named Adult Player and lures victims who assume it is a pornographic video player. When the victim starts using it, the app silently takes a photo of the victim, which is then displayed on the ransomware screen along with the ransom message.”
It is to be noted that the Adult Player app is not available via Google Play and is only available via third-party stores and needs to be side-loaded.
The security firm suggests that one of the ways to get rid of the malicious software is to boot the device into safe mode, where – once in device administrator mode – the app can be selected and disabled. Once done, users can uninstall the app via Apps in Settings.
To avoid such ransomware, Zscaler suggests users should download apps only from trusted app stores. This can be enforced by unchecking the option of ‘Unknown Sources’ under the ‘Security’ settings of the device.
