Ransomware app snares victims with promise of porn, then photographs them looking at it


Here’s a nasty new piece of malware that Android owners should be careful not to download: an app called Adult Player has been caught locking people out of their phones unless they agree to pay its creators. And it does it in the time-honoured way of offering a cheap thrill followed by a guilt trip and blackmail.

Adult Player is the latest piece of “ransomware” to be flagged by security researchers at Zscaler and, according to the team there, it has a particularly nasty modus operandi. It tempts users into downloading the app by promising pornographic delights, then snaps a photo of them and locks up their phone until they agree to pay money.

It’s not a hundred miles away from the business model of notorious hook-up site for marrieds, Ashley Madison, which was recently revealed to make most of its cash by charging people – many of whom never used the service – to delete their accounts.

Adult Player, which is not and was not on the official Google Play Store, has taken ransomware one step further. Once downloaded, the app requests to be updated. In reality, the app uploads information to a central server, including an image the app has taken of the user with the smartphone’s front camera.

Once this information was grabbed and the “update” was complete, users were greeted with an image of themselves on a warning page with the following message:

“FBI. Attention! Your device has been blocked up for safety reason listed below. All the actions performed on this PC are fixed. All your files are encrypted. You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc). You have violated World Declaration on non-proliferation of child pornography.”

All was not lost, though, as you could remove the charges by paying a fine of $500 (about R6 948.50), which could be paid using a PayPal Cash Card. In reality, the creators of the ransomware would just unlock the smartphone.

According to Zscaler, the app locked down the smartphone and couldn’t be removed with a reboot. In fact, users would need to boot their smartphone in safe mode and disable the ransomware’s administrator privileges before deleting it.

The bottom line is that if you’re on an Android phone and don’t know enough to secure your phone yourself, only download apps from the official Google Play store, which is well policed for malware. And if you try to download an app from anywhere and it redirects you to a webpage, close the page and walk away: your smartphone, your money and the headache you’ll get trying to solve the problem are simply not worth it.

[Source – Zscaler, Image – CC 2.0 by redjar]

Brendyn Lotz

Brendyn Lotz writes news, reviews, and opinion pieces for Hypertext. His interests include SMEs, innovation on the African continent, cybersecurity, blockchain, games, geek culture and YouTube.
