Android porn app holds your handset hostage until you pay up
An Android app that promises free porn has been secretly snapping photos of its users as they enjoy its content. “Adult Player” then locks up the victim’s device and uses their photo in a ransom note demanding $500.
Discovered by Zscaler, Adult Player cannot be downloaded from Google Play, but is easily discoverable with a quick Google search for a certain kind of Android app. Its promise of free porn lures users in before slapping them with a hefty bill for nothing.
Once installed, Adult Player asks for permission to monitor screen-unlock attempts. This should be the red flag that causes users to back out immediately, but unfortunately, many hit the “activate” button in pursuit of saucy content.
With the permissions it needs, Adult Player quietly installs another package in the background named “test.apk.” The reason for this is unknown, but Zscaler suggests it could be “to evade static analysis and detection.”
When you use Adult Player, the app detects whether your device is equipped with a front-facing camera, then snaps your picture. The malware then locks your device and uses your image to create a personalized ransom note demanding $500 for your handset’s freedom.
“The ransom screen is designed to stay persistent even at reboot,” Zscaler explains. “It does not allow the user to operate the device and keeps the screen active with ransom message.”
Users do not have to pay up to regain access to their device, however. It’s possible to boot into safe mode (check your handset’s manual or search Google) which prevents Adult Player from running. You can then revoke the app’s privileges and uninstall it.
Android users can avoid malware like this by only installing apps from Google Play and other trusted sources. You should never download APKs from questionable sites, even if they promise free porn. There are plenty of harmless websites that offer that… apparently.
- SourceZscaler