A new type of ransomware has been brought into circulation, and it is targeting mobile devices running the Android operating system. There are a few hoops to jump through before one’s device is infected, but this new threat is a primary concern for mobile users. However, the ransom does not have to be paid in Bitcoin, for a change.
Porn Ransomware Makes The Rounds On Android OS
This particular new type of ransomware works in a rather unusual way, as fake text messages are sent out to Android users all over the world. In the message body of these texts, there is a link to an adult website, which users can visit to download a video file. Once the user has done so, their device’s screen is locked, and a ransomware message is displayed.
But there is more, as this ransomware uses the smartphone camera to take a selfie of the device owner. Moreover, the message on the screen also mentions how the social network of the owner, as well as local authorities, will be alerted regarding this person browsing the Internet for child pornography. All of these texts are displayed in Russian, which only adds to the overall confusion.
Trend Micro, who discovered this porn ransomware on Android a few weeks ago, noted how the malware has target Russian Android users for the most part, although it has spread to eleven countries in total so far. According to the company’s information, 3,400 devices have been infected with this malware to date.
It has to be said, however, that this mobile porn ransomware strain is making the user jump through various hoops. Not only do they need to visit the site mentioned in the text message, but also download a file, which asks to install an app. During this installation process, the application asks for administrator rights, which the user has to approve manually. Most Android-savvy users will figure out what is going on well before any real damage is done.
Once a user has been infected with this porn ransomware, they can restore access to the Android device by paying the one-time fee of 1,000 Ruble. Failure to do so would mean all of the encrypted data is removed from the ransomware c&c servers, and all of the information will be sent to the authorities within 12 hours after being infected.
Paying this ransom will not be done through Bitcoin, which is rather unusual in the ransomware business these days. Instead, the message makes note of the VISA QIWI wallet and includes a mobile phone number users have to send a text to, as well as the payment reference they should use.
What are your thoughts on this porn ransomware targeting Android users? Let us know in the comments below!
Source: Tweakers (Dutch)
Images courtesy of Shutterstock, Tweakers