Report: Android Ransomware Now Disguised as Porn Apps

Report: Android Ransomware Now Disguised as Porn Apps
Stephen Yagielowicz

LOS ANGELES — A new Android app is making the rounds — and leaving users sorry they installed it.

Called “Adult Player,” the app is seemingly a free pornographic video player, but rather than offering a sexual thrill, it delivers a consumer chill, as it is in reality ransomware that uses the device’s front facing camera to photograph the user. The app is then automatically launched after a reboot of the device, preventing its uninstallation, and does not allow the user to operate the device, keeping the screen active and displaying the ransom message instead.

The app then locks up the phone and its files, and includes the photo in its demand for $500 via PayPal — which it tries to disguise as a message from the FBI, accusing the user of downloading illegal CP and other unlawful material via the app — and thus levying an immediate fine for this “offense.”

According to online child protection expert, Association of Sites Advocating Child Protection (ASACP) Executive Director Tim Henning, the organization has seen this kind of scam before.

“We regularly receive email inquiries from people who have received online threats that they have viewed or downloaded CP and will be reported to authorities for doing so unless a ‘donation’ or ‘fee’ is paid,” Henning explains. “Unfortunately, these scams have the ultimate effect of wasting the precious resources of organizations that fight online CP as well as frightening innocent people.”

While the scam attempts to come across as an official U.S. government action, the demand for “500$” (an incorrect iteration of the American “$500”) clearly indicates a foreign source of the ransomware.

“Organizations and authorities who battle this crime would never operate in this manner and everyone needs to understand that any such threats are fraudulent,” Henning adds. “As malware becomes more and more prevalent and destructive it is in your best interest to have a good internet security suite installed on all your web enabled devices.”

The Adult Player scam was reported last week by cybersecurity firm Zscaler, which offers a mitigation guide for uninstalling the app, and notes it isn’t the first instance of Android malware disguised as porn.

“Upon opening the app, it asks for admin rights. After clicking ‘Activate,’ the app shows a fake update page but nothing really happens in terms of an update,” states Zscaler’s Shivang Desai. “The malware then loads another APK named test.apk from its local storage using a technique referred to as a reflection attack.”

Desai explains that reflection is the ability of a program to examine and modify the behavior of an object at run time, instead of at compile time, and speculates that the technique is useful for evading analysis and detection.

“To avoid being victim of such ransomware,” Desai concludes, “it is always best to download apps only from trusted app stores, such as Google Play.”

Beyond those affected by this ransomware, a bigger issue is the cumulative damage to consumer trust that these bogus apps cause — a trust deficit that makes it more of a leap of faith for users to click on anything adult related. Another complicating factor is that Google’s official app store, like Apple’s, does not permit sexually explicit fare — requiring users to seek this material from third-party distributors that have various levels of customer care at heart.

A search of the top adult app store, MiKandi.com, did not show the “Adult Player” app — illustrating the proactive steps that this trusted site takes towards protecting its customers from harmful software.

According to MiKandi co-founder Jen McEwen, customer safety is a serious concern for the company, so much so that it has always taken what some could call a paranoid approach to ensuring its systems are secure. 

“We’re dealing with a more curated market and so it’s difficult for bad apples to sneak through our systems, but the other issue this latest hack raises is the importance of building trust and transparent communication with customers in today’s app world,” McEwen told XBIZ. “The security and safety of our  online lives is weighing more and more on everyone’s minds lately with each new hack or malware announcement.”

This consumer consciousness is elevated when porn consumption or questions over one’s commitment to their relationship can be revealed, adding a degree of social stigma that results in more payments — and which is not possible by loading this type of ransomware via a “cute cat video of the day” app.

It is a situation that requires a counter message from legitimate adult firms.

“The adult industry is already an easy target because people will rarely defend porn publicly, so we see this as a great opportunity for next generation adult companies to talk about what they’re doing differently,” McEwen explains. “For example, we’ve always taken a proactive approach to dealing with these issues and constantly communicating with our customers, so our installs and registrations are rarely affected by these news events.”

This level of communication and outreach is good both for companies and customers, and is one key to protecting users from malicious app installs or other problems, while rewarding legitimate providers.

“We constantly strive to build a positive environment where adults can access the best in mobile adult entertainment safely and without judgment,” McEwen added. “We’ve reviewed our app library and have not found evidence that MiKandi and our customers were targeted. In addition to reviewing every app that comes through MiKandi before processing, we take other measures to ensure we foster a safe environment for adults.”

By educating consumers and offering quality products and services, the adult entertainment industry can bolster the sense of trust that it needs in order to guarantee its future success — despite the actions of criminals that use porn as a lure for their malicious actions and shady app installs.

Related: