A new ransomware variant for Android tricks users into installing a pornographic app, then takes a picture of the user and shows a notification containing the photo along with a ransom demand to unlock the phone.
The notification shows the user’s country, IP address, internet provider and device specifications. To scare the user, it also shows a warning stating that the user committed a crime and has to pay a ‘fine’ of $500 to regain access to the phone. Victims can pay the $500 ransom to the cybercriminals using a PayPal My Cash Card. The ransomware also remains active after a reboot and renders the phone useless.
Taking a photo of the victim is a method previously also found in Windows ransomware. It likely helps to convince the victim to pay the ransom. Before taking the picture, the ransomware checks the device for a front camera. When a front camera is found, the malware takes a picture of the user while the app is in use.
Although it’s fairly easy to remove the ransomware by booting into safe mode and then removing the admin rights of the app, it’s better to avoid installing these kinds of apps in the first place. The app, called Adult Player, is not offered in the Google Play store, and security analyst Shivang Desai of Zscaler Labs therefore recommends that users only install apps from trusted sources like the Google Play store.
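The two defensive points above (admin rights and install source) can be checked together. The following is an added example, not part of the original article: it lists apps holding device admin rights that were not installed by Google Play. It assumes text captured with `adb shell dumpsys device_policy` and `adb shell pm list packages -i`; the sample output and package names are constructed, and the `dumpsys` layout varies between Android versions.

```python
import re

# Constructed sample of `adb shell dumpsys device_policy` (layout is an assumption).
SAMPLE_DEVICE_POLICY = """\
Enabled Device Admins (User 0, provisioningState: 0):
  com.example.mdmagent/.AdminReceiver:
    uid=10123
  com.example.videoplayer/.LockReceiver:
    uid=10188
"""

# Constructed sample of `adb shell pm list packages -i`.
SAMPLE_PACKAGES = """\
package:com.example.mdmagent  installer=com.android.vending
package:com.example.videoplayer  installer=null
package:com.example.notes  installer=com.android.vending
"""

TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play store


def active_admins(dump):
    """Return package names listed under 'Enabled Device Admins'."""
    admins, in_section = [], False
    for line in dump.splitlines():
        if line.startswith("Enabled Device Admins"):
            in_section = True
            continue
        if in_section and line and not line[0].isspace():
            in_section = False  # reached the next top-level section
        if in_section:
            m = re.match(r"\s+([\w.]+)/[\w.$]+:\s*$", line)
            if m:
                admins.append(m.group(1))
    return admins


def installers(listing):
    """Map package name -> installer package ('null' means sideloaded)."""
    pattern = r"^package:(\S+)\s+installer=(\S+)"
    return {m.group(1): m.group(2) for m in re.finditer(pattern, listing, re.M)}


def suspicious_admins(dump, listing):
    """Device admin apps whose installer is not a trusted store."""
    source = installers(listing)
    return [(pkg, source.get(pkg, "unknown")) for pkg in active_admins(dump)
            if source.get(pkg) not in TRUSTED_INSTALLERS]


if __name__ == "__main__":
    for pkg, src in suspicious_admins(SAMPLE_DEVICE_POLICY, SAMPLE_PACKAGES):
        print(f"review: {pkg} has admin rights, installer={src}")
```

Any package reported here is a candidate for having its admin rights removed in safe mode and then being uninstalled.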