Malicious Android porn app snaps users for ransomware sting

$500 bounty to stop your embarrassing selfie going public

An Android device called Adult Player has been discovered by security experts at Zscaler to play host to malicious ransomware malware.

The app promises the user pornography, but instead secretly takes photos using a device's front-facing camera. After this, the device is locked and displays a demand for $500 (£330) before it will return functionality of the device to the user.

The lock screen calls the ransom amount a "fine", inviting the blackmailed user to pay up through PayPal.

The message purports to be from the FBI, accusing the user of accessing "forbidden pornographic sites" and positioning the extortion as a punishment for a crime.

"As soon as the money arrives to the Treasury account, your device will be unblocked and all information decrypted in course of 24 hours," reads the message.

"Then in 7 day term you should remedy the breaches associated with your device," it continues.

The app also directly threatens the user with exposure of the images it has taken, as well as elements of their privacy information and deletion of all data on the device.

Restarting the device will not disable Adult Player, as it loads again on boot. However, a safe mode boot has been confirmed by Zscaler to allow affected users to work around the ransomware's block.

Removing administrator privileges, then navigating the device's settings and security menus will allow an uninstall of Adult Player, which calls itself "ransomware app" in Android's app list.

"Adult Player" is not hosted on the Google Play store. It has to be sideloaded into Android, which involves asking for administrator privileges, allowing the app to do its damage.

It is recommended never to download apps from outside the Google Play store unless the software's origins are well known.

Ransomware is a mounting problem, with hackers making a reported 1,425 per cent ROI on exploit kits.