Adult Player, pornography-focused ransomware takes secret photos of victims

Security firm Zscaler spotted Adult Player, a new malicious pornography-focused ransomware that takes secret photos of victims to blackmail.

Security firm Zscaler spotted a new malicious Android app used in a classic extortion scheme to request a ransom to the victims. The malicious app dubbed Adult Player appeared offers pornographic content to its users, but in reality it takes pictures of them by exploiting the phone’s front-facing camera.

The application acts as a common mobile ransomware, in fact, the malicious Android App lock the mobile device and request the victims a payment of  $500 (£330) fee to unlock the smartphone.

Mobile ransomware are becoming a privileged instrument in the criminal ecosystem to rapidly monetize the effort, a report recently published by McAfee, the Threats Report, reported that the total number of ransomware samples grew 127% in the past year.

Adult Player is an example of pornography-focused ransomware, it is an Android app not available on the official Google Play, once installed by the victims it asks for admin rights.

The app was not available from vetted storefronts such as Google Play, but could be installed directly from a web page.

The ransomware checks whether front camera is available or not, if available, it takes a photo of the victim while he is using the Android app and used the acquired image to personalize the ransom page.

“The ransom screen is designed to stay persistent even at reboot. It does not allow the user to operate the device and keeps the screen active with ransom message.” states the blog post published by Zscaler.

Ransomware like this relies on the embarrassment factor threatening the victim’s reputation. The researchers have already discovered other mobile apps belonging to the same ransomware family that has many similarities with Adult Player.

Users that are targeted by this kind of threats don’t have to pay the ransom and have to wipe their system restoring a clear image of their mobile. As usual, do not download apps from non-official stores, don’t jailbreak/root the device and never click on a link contained in an email that ask you to download an app.

In order to remove Adult Player experts at Zscaler suggest the following steps:

1. Boot device into safe mode (Please note that entering “safe mode” varies depending on your device). Safe mode boots the device with default settings without running third party apps.
2. Uninstalling ransomware from device requires you to first remove administrator privilege. To do the same, go to Settings –> Security –> Device Administrator and select ransomware app, then deactivate.
3. Once this is done, you can go to Settings –> Apps –> Uninstall ransomware app.

Safe mode loads the operating system without running any third-party apps, allowing people to delete malicious software.

Pierluigi Paganini

(Security Affairs – Adult Player, ransomware)