Android malware
Security researchers have discovered a porn app that takes secret pictures of users and then locks down their phones, threatening to reveal private information or wipe their device if they don't pay $500 Reuters/iStock/IBTimesUK

Security researchers have discovered a new type of mobile malware that pretends to be a porn app, but secretly takes photos of users and then locks their phones, demanding a ransom.

The Adult Player Android app masquerades as a pornography app, but once installed, when it is opened, it secretly takes photos of users with the phone's front-facing camera, according to security firm Zscaler.

Once the photographs are taken, the malware then locks the user's device, threatening to either expose the user and reveal privacy information, or to completely wipe the device of all its contents. If the user wants to keep their information and data safe, he or she must agree to pay a ransom of $500 (£330) via PayPal immediately on the smartphone.

Ransomware can be removed, if you know how

Even if the user tries to shut down the smartphone and restart it by pressing the on/off button, the ransom message will appear as soon as the phone's operating system has finished booting up, so it is impossible for the user to access Settings and try to uninstall the app.

Fortunately, there is a way to avoid paying the ransom and deactivate the app – Zscaler advised that users boot their Android device into "safe mode", which runs the device with default settings, so no third-party apps are activated.

Once the phone is on in safe mode, the user needs to access Settings > Security > Device Administrator, then deactivate the administrator privilege on the Adult Player app and then go to Uninstall in Apps under Settings to completely remove the app.

This is a far cry from PC ransomware like the dreaded Cryptolocker, which has such severe consequences that even a police department in Massachusetts decided to pay a $750 fine in November 2013, in order to avoid losing valuable files.

Ransomware on the rise

Ransomware has been on the rise in the last 12 months, with Intel Security (formerly McAfee Labs) reporting in August that instances of it have increased by 124% since 2014.

Most of this ransomware is designed to target desktop computers and laptops, but it has spread to such an extent that in August IBM warned companies to start blocking usage of the Tor anonymity network in order to avoid corporate ransomware attacks.

There are several variants of Android ransomware that masquerade as free porn apps or adult videos in order to lure users to click on them. In one version, a URL pretends to be a porn video link, but it then asks users to install a Google patch update.

Once installed, the malware then asks the user for permission to take control of settings like "Erase all data" and "Change the screen-unlock password". If the user activates these abilities, then a fake warning from the FBI pops up, accusing users of watching child pornography and demanding the payment of a $500 fine.

"To avoid being victim of such ransomware, it is always best to download apps only from trusted app stores, such as Google Play. This can be enforced by unchecking the option of "Unknown Sources" under the "Security" settings of your device," Zscaler wrote on its blog post.

Read more about ransomware: