Porn: It’s malware’s favorite disguise of late.
Zscaler has discovered two more instances of mobile ransomware that are disguised as porn apps and steal personal data from mobile devices.
The first app scares the user with a warning screen that accuses them of watching child porn. The malware then steals the victim's personal data in the background and sends it to a command and control (CnC) server. Upon installation of the app on a device, the user will see a video player icon which, once clicked, displays a fake Cyber Emergency Response webpage. The malware then harvests SMS messages, contacts and email addresses.
“Once the user clicks on the icon, the malware displays a fake warning page,” explained Zscaler, in an analysis. “The warning page pretends to be from the Industrial Control Systems—Cyber Emergency Response Team (ICS-CERT) but is different from the classic FBI/police ransomware pages.”
The interesting thing is, the malicious app does not ask for administrative privileges to lock the device and is fairly easy to remove. Zscaler did not find any code for actually locking the device.
In the second instance, a Chinese SMS trojan is disguised as a porn app to steal sensitive data. Upon installation, the malware fools the victim by displaying random adult sites while, in the background, it steals sensitive information and sends an SMS to predetermined Chinese numbers.
Using porn is a savvy tactic: A full 30% of Internet traffic is in some way related to pornography—giving malware authors an easy path to infecting large numbers of users.
During recent data mining, Zscaler researchers noticed an increasing volume of mobile malware disguised as porn apps to lure victims into different scams, stealing personal data or locking phones and demanding ransom payments. Android ransomware and an SMS trojan leveraging pornography to scam victims have already been circulating, in addition to the two most recently spotted apps.
“We are seeing an increasing number of adult themed Android malware apps using pornography to lure victims,” Zscaler noted. “To avoid being a victim of such malware, it is always best to download apps only from trusted app stores, such as Google Play. This can be enforced by unchecking the ‘Unknown Sources’ option under the security settings of your device.”