Using pornography to lure people into downloading malware has long been a common tactic of identity thieves and scammers. In 2005 the massive data breach at information broker LexisNexis was caused by a Florida police officer who, while at work, clicked on a link in an email promising pornography and ended up downloading malware. The malware enabled the hackers to steal the police department’s password and login information, which provided access to LexisNexis’ data banks. Now a malicious Android app called Adult Player, which promises free pornography, has been discovered by the security company Zscaler. Once the app is downloaded, it secretly takes a photo of the smartphone user with the front-facing camera. It then promptly locks the phone and demands that a $500 ransom be paid by PayPal, or the phone will remain permanently locked and all stored data lost. This app is not available on Google Play; it is available only from a website that was not vetted by Google.
The first thing to take away from this story is that you should be careful about where you obtain your apps. Although no official app store is totally safe, legitimate app stores such as Google Play investigate apps before making them available and do a good job of keeping out apps with malware. This story also reminds us to regularly back up all of the data on our smartphones, computers and all other electronic devices. If you were a victim of this scam, Zscaler says that you can remove the app by opening your smartphone in safe mode, switching on the administrator mode and then selecting and disabling the app.