Porn app secretly takes photos of users to ransom them
A US internet security firm has discovered smartphone malware disguised as a free porn service that covertly takes pictures of users through the front camera and then demands ransom from them, threatening the victim with disclosure of personal information.
A malicious program called ‘Adult Player’ masquerades as a video service offering free pornography, the American Zscaler internet security company found. After installation, if a front-facing camera is available, the malware takes a covert snap shot of the user. Then it locks the smartphone, displaying a ransom banner that is very difficult to bypass.
The app demands $500 to release control of the device and reappears even after rebooting the smartphone.
In their blog post the internet security specialists said that “this ransomware acts as a porn app named ‘Adult Player’ and lures victims who assume it is a pornographic video player.”
“When the victim starts using it, the app silently takes a photo of the victim, which is then displayed on the ransomware screen, along with the ransom message,” they added.
The message claims the phone has been locked “for safety reasons” and demands that a payment be transferred via PayPal.
'Petificial Intelligence!' Babysitting device will have your dog taking selfies http://t.co/LiKN5pyS6mpic.twitter.com/iKCZ63Bab0
— RT (@RT_com) September 6, 2015
The malicious app has never been available on the official Google Play or Apple store but could be downloaded directly from a website.
Zscaler experts said it was a new type of so-called ransomware, which extorts money from users by threatening to disclose the user’s private information or wipe data such as photos and documents from the device.
An Intel Security report published in August stated that the number of ransomware programs targeting primarily personal computers and laptops has increased by 127% since 2014.
“One of the reasons for the increase is that it’s very easy to make. There are people you can pay to do the work for you, and it pays really well. One group we tracked made more than $75,000 in 10 weeks,” Raj Samani, chief technology officer for Intel Security in Europe, told the BBC.
‘Largest known hack’: Malware steals over 225k valid Apple accounts http://t.co/E3PsXlC7Yepic.twitter.com/7ukS6t0abB
— RT (@RT_com) September 2, 2015
“Apps like this rely on the embarrassment factor. If you don’t pay, your reputation is on the line. Ransomware is more prevalent on computers than phones, but this could be the start of a trend,” he added.
‘Adult Player’ is the second ransom smartphone app disguising itself as a free porn app. Earlier this year, another malicious program called ‘Porn Droid’ was uncovered that uses a similar strategy to extort people and demanded the same $500 to unlock the phone.
The ‘Porn Droid’s’ warning message, which pretends to be from the FBI, states that the authorities have detected visits to “forbidden pornographic sites,” prompting the device to be blocked, as reported by Wired.
Not OK, #Google! Covert installations of ‘eavesdropping tool’ raise alarm http://t.co/xal8thCHoWpic.twitter.com/6FCNnYHFH3
— RT (@RT_com) June 24, 2015
Zscaler specialists advised any person that had downloaded ‘Adult Player’ to restart their smartphones in a safe mode, which would run only the device’s operating system without any external programs, thus allowing users to delete the malware.
However, Raj Samani from the Intel Security European department also emphasized that one could stay safe just “with some basic common sense.”
“Some ransomware threatens to delete your photos, videos and documents so back up your data. Then if you are targeted you can wipe your system and start over,” Raj Samani told the BBC.
“Only download apps from the proper Google Play store. And if you receive an app download link in an email, don’t click it,” he added.