The cybersecurity firm Zscaler announced the discovery of Android app, called “Adult Player, ” an Android ransomware variant claiming to be from the FBI, which accuses people of watching child porn and then demands a fine of $500.
Download Adult Player will make smartphone locked. But this one takes control of the selfie camera and takes your picture. Then it displays your photo along with the message demanding a ransom.
Will you offer us a hand? Every gift, regardless of size, fuels our future.
Your critical contribution enables us to maintain our independence from shareholders or wealthy owners, allowing us to keep up reporting without bias. It means we can continue to make Jewish Business News available to everyone.
You can support us for as little as $1 via PayPal at office@jewishbusinessnews.com.
Thank you.
Zscaler said it initially appears to the user as if they are downloading a pornographic video, but once the user clicks on the file, it masquerades as the Google patch update and tricks the user into installing the application.
After clicking “Continue”, the malware asks for administrator access to the device requesting permissions such as “Erase all data”, “Set storage encryption”, “Change the screen-unlock password”.
Zscaler identify a dozen people who have been infected but these cyberattacks are getting more personal and disturbing.
Even when the device is restarted, this ransomware keeps control over the device with the image of the ransom message staying locked on the screen.
Once the user clicks on the “ACTIVATE” button, the malware gets administrator control of the device and locks it while displaying a fake FBI warning as seen below. It locks the user’s phone by disabling keyguard and sets top priority for the malware application which ensures that no other application or user activity can override the malware application’s activity.
The FBI warning screen also contains dynamic information relevant to the infected device such as the browser history, IMEI number, phone number and victim’s picture, which has been taken by the malicious app. This is done to intimidate the end user as a warning message suggests that the information will be used by the FBI to identify the user if the fine is not paid.
Zscaler add: “another unique functionality that we observed in this mobile ransomware, that we more commonly see in PC malware, involves checking for the presence of installed AV applications such as ESET, Avast and DrWeb. It then attempts to terminate any AV applications identified.
In order to stay active on the screen and lock out the phone, it disables the keyguard so the user cannot exit the application.”
The best way to avoid such malware is to stick with installing Android apps only from ‘official’ app stores such as Google Play or the Amazon Appstore, said the company.
