Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Threat Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Researchers find ransomware disguised as porn video player

Share

Researchers at Zscaler's discovered a new variant of Android ransomware disguised as a porn video player application.

The malicious app, named “Adult Player,” lures people into downloading and installing it from adult sites under the assumption that it can be used to view videos. Once opened, the app requests administrative permission and attempts to gain access to the front camera of the device to take a picture of the victim using the app. It then locks the phone and displays a message with the victim's picture claiming that the phone has been blocked by the Federal Bureau of Investigation (FBI) and that the victim must pay a $500 fine. The malware is designed to stay persistent even after a reboot.

Based on screenshots of the ransomware in the report, the malware appears to target English speakers in the U.S. and references the FBI, Department of Defense and other U.S. government agencies. The malware isn't available for download in legitimate app stores however, researchers reported victims downloading the app directly from adult websites.

In order to remove the malware researchers recommend that the user boot the device into safe mode, noting that this function may vary by device. The user must them go into the “Device Administrator” under “Settings and Security” to select the ransomware app to deactivate its admin privilege. Once this is done a user can go into the “Settings” and uninstall the malicious app.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.