BOOBIES: That's what naïve app users were hoping for. Instead, they got demands for $500 ransoms plastered across their Android screens. The perp is the Adult Player app developer.
And that's what you get for downloading random APK files -- a locked device with a badly-worded "FBI Warning" burned into the display. Surprise!
Yes, it's episode #529 of "Stick to the Google Play store, you idiots." When will people learn?
In IT Blogwatch, bloggers check "Unknown Sources." Not to mention: HELLO, PROFESSOR...
Your humble blogwatcher curated these bloggy bits for your entertainment.
[Updated 2:35 am PT with more comment]
A po-faced Aunty speaks peace unto nation:
Adult Player appeared to offer pornography, but secretly took pictures of users with the phone's front-facing camera [then] displayed a demand for $500.
…
Apps which demand money from people with a threat to release private information, or wipe a device, are known as ransomware.
…
The app was not available from...Google Play, but could be installed directly from a webpage. MORE
Kat Hall smirks a smirk at the "users" of such apps:
A new frontier in horror has been breached. [It uses the] image of your grimacing face to extort money on pain of exposure. ... The ransom screen stays persistent even at reboot.
…
To avoid being the victim of such evilware...it is always best to download apps only from trusted app stores, such as Google Play. MORE
So how did Zscaler's Shivang Desai come across the rude app, eh? Eh???
During the course of our daily malware hunt, we came across a new mobile ransomware variant that leverages pornography. [It] lures victims who assume it is a pornographic video player.
…
[It] loads another APK named test.apk from its local storage using a technique referred to as a reflection attack [which] is the ability of a program to examine and modify the behavior of an object at run time, instead of compile time. [That] could be to evade static analysis and detection.
…
We also encountered additional apps belonging to this ransomware family and exhibiting similar functionality. [So don't check] "Unknown Sources" under the "Security" settings of your device. MORE
So let that be a lesson to you. Here's Rob Jackson's warning:
Be warned: you should always stick to downloading apps directly from the Google Play Store whenever possible. If you download and install apps from “Unknown Sources”, make sure you do your research on the app’s authenticity and the company behind it. ... And regardless, you should always review the app permissions.
…
If you REALLY want to download an Android porn app, we recommend you check out... [You're fired -Ed.] MORE
Yes, Geoffrey Smith thinks about other types of movie:
It’s more evidence, if you still needed it, that Mel Brooks (in History of the World, Part I) was closer than Stanley Kubrick and Arthur C. Clarke (in 2001: A Space Odyssey) to understanding the Dawn of Man.
…
[It's] another example of how Android’s open source architecture leaves it more open to abuse than systems such as Apple Inc’s iOS. MORE
Meanwhile, Jay Gunneh makes meh while the sun shines:
They want my money or else! Or else what? They’ll tell people I watch porn? Euhm ok? Why do people think watching porn is a bad thing?
…
This is like being held ransom for liking Justin Bieber, sure you’d prefer people didn’t know but in the end who gives a ****? ... Let’s face it, we all do. MORE
Update: James Covert and Chris Perez hype it up a notch:
A new app has a dirty little secret. ... The way the scam works is simple. ... Once someone clicks on the fake porn app’s icon — a woman’s breasts shielded only by her fingers —...the program commandeers their device and gains control of its front-facing camera.
…
But experts warn that even if the user coughs up the money, the hackers have still been refusing to unlock their phones. The scheme is driven by pure greed.
…
Incidents involving ransomware have increased by 127 percent since 2004, according to experts. ... News of the cyber-shakedown comes just a month after hackers released the personal information...from the notorious spouse-cheating Web site Ashley Madison. MORE
And Finally...
"I recorded my professor saying 'hello' every day."
[hat tip: David Pescovitz]
You have been reading IT Blogwatch by Richi Jennings, who curates the best bloggy bits, finest forums, and weirdest websites… so you don't have to. Catch the key commentary from around the Web every morning. Hatemail may be directed to @RiCHi or itbw@richi.uk. Opinions expressed may not represent those of Computerworld. Ask your doctor before reading. Your mileage may vary. E&OE.