A new piece of Android malware appears to offer pornographic images but instead takes pictures of the user via the phone’s front facing camera, then locks up the device and demands a $500 ransom.
Called Adult Player it was discovered by researchers at Zscaler. Having checked that a camera is available and taken a picture, it sends details of the victim's device and operating system to the remote servers before displaying the user’s picture on a personalized ransom screen.
Once infected the device will display the ransom screen even after a reboot. Researcher Shivang Desai writing on Zscaler's blog says, "The ransomware is designed to stay stagnant on screen and does not allow the the victim to uninstall it. Rebooting the device does not work in such cases as ransomware app becomes active immediately after reboot, which leaves no scope for the victim to get into device 'settings' and uninstall the ransomware".
The best way to avoid this type of infection is to only download apps from trusted sources and enforce this by unchecking Unknown Sources in the device's security settings. If you have been infected the malware can be removed by booting the device into safe mode.
Depending on the device and version of Android you can access safe mode by a long press of the Power Off option after pressing the physical power button -- you should be asked if you want to boot into safe mode. Or on older hardware or Jelly Bean systems by holding down both up and down volume buttons as the phone boots.
Adult Player is the second instance of porn themed ransomware uncovered by Zscaler following on from Porn Droid in May of this year.
Image Credit: LoloStock / Shutterstock