Malware-embedded porn apps provoke Android lockscreen attacks

Android lockscreen malware disguised as porn apps is an increasing concern for IT security analysts, who predict a growth in attacks.

The Dell SonicWALL Threats Research team described the yet-to-be-named malware as “immature, but potent”. Once infected, Android users are locked out of their tablet or phone and forced to complete a complex extraction of the app to regain control of their device.

“We have found over 100 different apps that contain this malware and suspect that the authors behind the apps are gearing up for a much larger, more deadly assault,” said Alex Dubrovsky, director of software engineering and threat research for Dell Security.

Android allows users to install porn-themed apps that replace the lock screen and give it different functionality, which attackers are exploiting by tricking users into installing lock screen apps that are difficult to remove. SonicWall said attackers are not executing remote code or taking over a user's Android device. However, it added: “Once the application starts running, encoded data is transmitted to multiple domains in the background.”

Dubrovsky says the apps request a lot of permissions, including device administrator rights, which make the apps hard to remove if granted, but for now they do not appear to steal data or request cash.
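To make the device administrator point concrete, the following added example (not SonicWall's tooling or code from the original article) triages a decoded AndroidManifest.xml and flags any app that declares a device-admin receiver. The sample manifest, the package name and the permission-count threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
BIND_DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"
ADMIN_ENABLED = "android.app.action.DEVICE_ADMIN_ENABLED"
PERMISSION_THRESHOLD = 10  # assumption: triage cut-off, not a figure from the article

# Constructed sample manifest, already decoded to text XML; not from a real app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.lockscreen.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".BootReceiver"/>
  </application>
</manifest>
"""


def audit_manifest(xml_text, threshold=PERMISSION_THRESHOLD):
    """Report device-admin receivers and permission count for one manifest."""
    # Use a hardened parser such as defusedxml for manifests from untrusted APKs.
    root = ET.fromstring(xml_text.strip())
    perms = sorted({p.get(A + "name") for p in root.iter("uses-permission")} - {None})
    admins = []
    for receiver in root.iter("receiver"):
        actions = {a.get(A + "name") for a in receiver.iter("action")}
        # Device-admin receivers require BIND_DEVICE_ADMIN and handle DEVICE_ADMIN_ENABLED.
        if receiver.get(A + "permission") == BIND_DEVICE_ADMIN and ADMIN_ENABLED in actions:
            admins.append(receiver.get(A + "name"))
    return {
        "package": root.get("package"),
        "permission_count": len(perms),
        "many_permissions": len(perms) >= threshold,
        "device_admin_receivers": admins,
        "flag_for_review": bool(admins),
    }


if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

A flagged app is only a candidate for review: legitimate management and anti-theft apps also declare device-admin receivers.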

“At present, only the System Settings is unusable but apart from that the device can be used as normal. Considering the volume of malicious apps that are part of this campaign, it can be said that this campaign might grow bigger in the near future with updated components. We can expect a different lockscreen image in the future that demands ransom in some form,” SonicWall researchers reported.

Affected devices appear to be those running Android 4.4 KitKat. Dubrovsky says pwned users can kill the malware using Android Debug Bridge.