Ransomware In The Form Of A Fake Porn App Attacking Android Users

Ransomware is a new form of cyber attack now facing Android users. Security researchers at Zscaler recently discovered a new type of mobile malware that pretends to be a porn app, but secretly takes photos of users and then locks their phones, demanding a ransom. A fake porn player app called ‘Adult Player’ is taking advantage of this vulnerability.

The “Adult Player” app lures in its victims with a sexually charged icon. Not found on Google Inc.’s Play Store, the app is being distributed via less reputable third-party app stores. It’s important to note that such third-party app stores must be explicitly enabled in Android by the user. However, given the presence of some fairly reputable third-party stores, e.g. the Amazon.com, Inc. Android app store, it isn’t that rare for Android users to have done this.

The app exploits MDM rights for its ill purposes. [Image Source: Zscaler]

Once installed, the app requests a new set of permissions upon device open – remote administrative rights. Interestingly, this impacts even users of non-jailbroken devices, as it’s effectively the perversion of a legitimate feature, the Device Administration API. This API is legitimately used as the basis of most mobile device management (MDM) solutions. The app also appears to have access to the device cameras, although it’s unclear from the Zscaler post when exactly those rights are approved. Presumably they’re part of the list of permissions the user approves when the app is first installed, prior to the request for additional MDM rights.

Once the user opens the app, it checks for a front-facing camera. If one is found, it takes a selfie of the user. Once the photographs are taken, the malware locks the user’s device, threatening to either expose the user and reveal private information, or to completely wipe the device of all its contents. If the user wants to keep their information and data safe, he or she must agree to pay a ransom of $500 (£330) via PayPal immediately on the smartphone.

How Can Ransomware Be Removed?

Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay a ransom through certain online payment methods in order to regain access to their systems or to get their data back, like the app mentioned above. Ransomware has been on the rise in the last 12 months, with Intel Security (formerly McAfee Labs) reporting in August that instances of it have increased by 124% since 2014.

So first of all, if a device is attacked by a ransomware app, the user may start to see a message saying that the device has been locked and that, to get administrative privileges back, a sum of money must be paid to the attackers' online account; otherwise they will delete all the user's data and break the phone. Even if the user tries to shut down the smartphone and restart it by pressing the on/off button, the ransom message will appear as soon as the phone’s operating system has finished booting up, so it is impossible for the user to access Settings and try to uninstall the app.

Fortunately, there is a way to avoid paying the ransom and deactivate the app: Zscaler advised that users boot their Android device into “safe mode”, which runs the device with default settings, so no third-party apps are activated. Once the phone is on in safe mode, the user needs to access Settings > Security > Device Administrator, deactivate the administrator privilege on the Adult Player app, and then go to Uninstall in Apps under Settings to completely remove the app.

To avoid becoming a victim of such ransomware, it is always best to download apps only from trusted app stores, such as Google Play. This can be enforced by unchecking the “Unknown Sources” option under the “Security” settings of your device.
