Android porn app secretly snapped users’ photos and used them as ransom

The Adult Player Android app claims to serve up pornography, but its real purpose is to take photos of people using the app and use the photos as ransom. 

The security research firm Zscaler discovered that Adult Player, which is not available on the Google Play Store and must be downloaded manually, contained ransomware, a type of malware that prevents people from using their device unless they pay a ransom to regain access.

Adult Player poses as a porn app and asks for administration privileges when it’s installed. Once someone begins using it, the app silently takes a photo of the user, which then appears on a screen laying out the ultimatum: Pay $500, or be locked out of your device entirely, and know that the app has proof of you using it.

This isn’t the first porn-themed ransomware app that Zscaler has discovered. In May, the company discovered an app called Porn Droid, which tricked users into believing that its ransomware screen was an FBI notice accusing the user of watching child porn and demanding that they pay a fine of up to $500.

Fake porn apps aren’t the only avenue for extortionists. In the wake of the Ashley Madison data dump, hackers demanded money from users of the site in exchange for not alerting their spouses or families.

Ransomware like Adult Player essentially takes control of your phone using the administrator privileges that you grant it, locking you out of the device and preventing you from erasing it. Restarting your phone won’t get rid of the app—you’ll still get the ransom page requesting $500—but according to Zscaler, you can uninstall it by rebooting into in “Safe Mode.”

Boot device into safe mode (Please note that entering “safe mode” varies depending on your device). Safe mode boots the device with default settings without running third party apps.

Uninstalling ransomware from device requires you to first remove administrator privilege. To do the same, go to Settings –> Security –> Device Administrator and select ransomware app, then deactivate.

Once this is done, you can go to Settings –> Apps –> Uninstall ransomware app.

Google in recent years has tried to crack down on malware apps in its official app store, and although its efforts have not eradicated malicious software altogether, the store has become a more trusted source over time.

If you use Android and want to avoid finding yourself in the same situation as Adult Player’s victims, don’t install apps outside of the Google Play Store and don’t grant apps administrator privileges unless you truly trust them.

H/T BBC | Photo via Ervins Strauhmanis/Flickr (CC BY 2.0)    

Selena Larson

Selena Larson

Selena Larson is a technology reporter based in San Francisco who writes about the intersection of technology and culture. Her work explores new technologies and the way they impact industries, human behavior, and security and privacy. Since leaving the Daily Dot, she's reported for CNN Money and done technical writing for cybersecurity firm Dragos.