Android Ransomware Masquerades as Free Porn App
Published on: 8th Sep 2015
Note -- this news article is more than a year old.
An Android app that claims to be a video player for porn has turned out to be an extortion scam that locks phones until people pay up to have it removed.
The app is not an official Google Play store download, so users have to acquire it from a dodgy download server, but that has still managed to catch out a number of people.
When the victim starts using it, the app silently takes a photo of the victim, which is then displayed on the ransomware screen, along with the ransom message. The app demands a ransom of US$500.
The ransom screen is designed to stay persistent even at reboot. It does not allow the user to operate the device and keeps the screen active with ransom message.
As noted by Zscaler, the ransomware can be removed by using the following steps:
- Boot device into safe mode (Please note that entering "safe mode" varies depending on your device). Safe mode boots the device with default settings without running third party apps.
- Uninstalling ransomware from device requires you to first remove administrator privilege. To do the same, go to Settings --> Security --> Device Administrator and select ransomware app, then deactivate.
- Once this is done, you can go to Settings --> Apps --> Uninstall ransomware app.
On the web: Zscaler