Latest ransomware scare tactic is porn app user snap

Don't fall for the Adult Player porn app trick

An adult-themed ransomware 'porn app' for Android called Adult Player has been discovered by researchers at Zscaler, who have published an analysis along with instructions on how to remove it.

The ease with which it can be removed means it is not terribly effective ransomware but it's designed to scare the user into paying up with a novel trick.

After tricking the user into installing it and “updating” the software, the app locates the front facing camera on the device and takes a picture of the user. This is then displayed in all its glory on the ransom screen along with a demand for US$500 (£300).

The app uses another interesting technique – a reflection attack – when it activates the ransomware module. “The specific reason for using reflection remains unknown but one reason could be to evade static analysis and detection,” Zscaler's researchers wrote.

Your face here 

The ransom screen remains persistent even on reboot, blocking use of the phone. Zscaler advises users to reboot in safe mode, disable admin rights for the app and then uninstall it.

It also advises users to download apps only from trusted sources such as Google Play. “This can be enforced by unchecking the option of ‘Unknown Sources’ under the Security settings of your device,” they said.

John Smith, principal solution architect at Veracode, said that ransomware is becoming an increasingly popular way for cyber-criminals to extort people but he is particularly concerned about the growing threat to mobile devices.

He also noted the use of the camera in this attack. “Previously ransomware typically focussed on denying the victim access to their data – encrypting it and demanding payment to decrypt. This latest incarnation seems to take this a step further by exploiting the capabilities of the phone to also capture images of the victim in an embarrassing context, adding a further potential for blackmail,” he said.

Gartner estimates that 75 percent of mobile apps will fail basic security tests in 2015. “While some of this is due to sloppy programming and the insecure use of open source and third-party libraries, cyber-criminals are constantly looking to exploit insecure apps in order to steal corporate intellectual property, track high-profile individuals, and insert aggressive adware for monetary gain. It is therefore essential that we ensure we educate people on the dangers that applications can pose both personally and to corporate environments,” he said.