Ransomware Disguised As Porn Viewer Blackmails Android Users
Security researchers find malicious Android app that photographs users and then blackmails them.
Microsoft Insider: 2 Days On Redmond Campus
Microsoft Insider: 2 Days On Redmond Campus (Click image for larger view and slideshow.)
Android smartphone owners looking for some excitement are getting more than they bargained for if they download an app called Adult Player. The app masquerades as a porn video viewer, but instead goes on the attack.
Adult Viewer is not available from the Google Play Store, so most people aren't going to stumble across it casually. The app needs to be loaded directly from the publisher's website, according to security researchers at Zscaler, and only then if users are careless enough to allow "unofficial sources" to install apps. Once installed, the app asks for a series of permissions (a standard step in the app install process) and then it takes over the device.
With permissions granted, Adult Viewer downloads several malicious files that let hackers gain control of the front-facing camera. The app snaps several pictures of the user on the sly and sends the photos to the hackers. After this step is complete, the hackers lock up the phone and demand a digital payment of $500 via PayPal. The hackers say they'll unlock the device and delete whatever pictures they may have scored once the ransom is paid.
Zscaler warns that even if the $500 ransom is paid, the hackers won't unlock the phone.
Rebooting the device won't bring the device back to life, say the researchers, as the code starts the app immediately on reboot. This is a way around the problem, but it requires some tech know-how.
[Lax with your lock pattern? Android Lock Patterns Laughably Easy To Guess]
Zscaler suggests infected devices be booted into safe mode. The process for this varies by device. Handsets booted into safe mode run only the default apps and not third-party apps. In order to rid the handset of the ransomware, users will need to remove administrator privileges for the app (Settings --> Security--> Device Admin). With the ransomware selected, deactivate it. After it is deactivated, users can uninstall it manually (Settings --> Apps --> Uninstall). Following these steps rids the handset of the app, which can then be booted normally with full user control.
The researchers say they've found several other apps that take a similar path toward hacking Android handsets and warn users to beware of unofficial apps.
"To avoid being victim of such ransomware, it is always best to download apps only from trusted app stores, such as Google Play," said Zscaler in a blog post. "This can be enforced by unchecking the option of 'Unknown Sources' under the Security settings of your device."
This should be well known to IT admins. Though many third-party apps available unofficially are benign, such apps aren't subject to Google's security safeguards. Google sweeps Play Store apps for threats. It may have discovered the slick scam in Adult Viewer and booted it from the store before anyone downloaded it.
Bottom line, be careful where you get your apps.
About the Author
You May Also Like