There is a recently discovered ransomware called “Adult Player” that is making its rounds for Android users. The devilish software acts like a porn app, however, when you download it to your phone it begins taking pictures of you, blocks your device and then demands a ransom amount of $500. Downloading random APK files is a major warning, however, for those that are naïve and believe they are accessing a free Android porn app, they are in for a nasty surprise. Once on your phone, the software takes advantage of the front facing camera and begins taking photos of the user.
When done, the software not only blocks your phone but displays a ‘supposed’ FBI warning. As with all ransomware, the purpose is to extort money to have your phone unblocked. The payment demand is through a PayPal “My Cash” gift card. Of course, there is a promise that when they receive the payment, your phone will be unblocked within a 24 hour period.
Zscaler typically accomplishes a malware hunt on a daily basis and in their due diligence, discovered this variant on non-legitimate download sites. When this is downloaded, the ransomware loads an additional APK file called test.apk through a ‘reflection attack’ technique. This gives the ability to examine as well as modify the device at run time, instead of the normal compile time. Zscaler has indicated that they believe Adult Player may be a more evil version of a previous version called “Porn Droid”.
While Zscaler has only been able to identify a small number of people/phones that have been infected, but this newer form of malware has added a new personal layer to cyberattacks. The more disturbing aspect of these cybercriminals is that they have transitioned from the standard computer and are now focusing on smartphones.
Ransomware recovery has taken a new turn and many of the professional companies involved in ransomware removal are now on alert for the latest form of cybercrime. They are apparently taking advantage of a more deeply embedded psychological ploy of how our society views our smartphones. The blocking of a phone, along with a personal picture recently taken is a kind of invasion of privacy that hits more directly as a violation.
There is, of course, one way to avoid falling prey to the Adult Player malware: Make use of the office Google Play store to download all of your apps. However, if a user does find themselves in a situation where they have downloaded the app, there is a process that you can go through for ransomware recovery:
- Reboot your device in ‘safe mode’
- Click on ‘settings’, then ‘security’, then ‘device administrator’
- Deactivate the “Adult Player” app from the device administrator screen.
- Then go to ‘settings’, then ‘apps’ and uninstall “Adult Player”
Once you have walked through this procedure the fix, your device should be free from this particular ransomware app. This fix will not protect the device from any other illegitimate apps that are downloaded and may contain malware.