Researchers find ransomware disguised as porn video player

Researchers at Zscaler’s discovered a new variant of Android ransomware disguised as a porn video player application.
Researchers at Zscaler’s discovered a new variant of Android ransomware disguised as a porn video player application.

Researchers at Zscaler's discovered a new variant of Android ransomware disguised as a porn video player application.

The malicious app, named “Adult Player,” lures people into downloading and installing it from adult sites under the assumption that it can be used to view videos. Once opened, the app requests administrative permission and attempts to gain access to the front camera of the device to take a picture of the victim using the app. It then locks the phone and displays a message with the victim's picture claiming that the phone has been blocked by the Federal Bureau of Investigation (FBI) and that the victim must pay a $500 fine. The malware is designed to stay persistent even after a reboot.

Based on screenshots of the ransomware in the report, the malware appears to target English speakers in the U.S. and references the FBI, Department of Defense and other U.S. government agencies. The malware isn't available for download in legitimate app stores however, researchers reported victims downloading the app directly from adult websites.

In order to remove the malware researchers recommend that the user boot the device into safe mode, noting that this function may vary by device. The user must them go into the “Device Administrator” under “Settings and Security” to select the ransomware app to deactivate its admin privilege. Once this is done a user can go into the “Settings” and uninstall the malicious app.
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS