Researchers have spotted ransomware that masquerade as an adult-themed Android app, in an attempt to infect unsuspecting users.
Christopher Boyd, a malware intelligence analyst at Malwarebytes, explains in a blog post that he and his fellow researchers detected a rogue Android APK known as “Adult Player” making the rounds earlier this month.
The app claims to provide users with adult-themed content. But in reality, the Cyber.Police ransomware is lurking within.
When the package is activated, Cyber.Police triggers, displaying a three-day countdown during which victims are expected to pay the “fine,” or ransom fee.
Attention! Your device has been locked reasons indicated below
Remaining time to pay a fine
Otherwise the case file will be transferred to the court
All actions are illegal, are fixed. History query stored in the database of the U.S. Department of Homeland Security
First identified by Blue Coat Systems back in April, this particular variant displays a pornographic image to victims that may be considered illegal in many jurisdictions, with the implication that it is the kind of content that the user has been viewing on their smartphone.
In an attempt to scare users, it also describes a series of crimes the victim has supposedly committed and explains that the victim could face hundreds of thousands of dollars in fines as well as decades in prison.
What would the ransomware have the victim do? Pay the “fine,” of course.
This particular variant demands that the victim send US $200 in iTunes gift cards to the “Treasury account,” which is not unlike TrueCrypter’s demand for Amazon gift cards. Doing so will supposedly halt any legal action against the victim.
But as Boyd explains in his blog post, there never was a criminal case opened against the phone’s owner.
“This is, of course, complete nonsense – no ‘Treasury department’ investigating supposed criminal activity can be bought off with iTunes gift codes. ‘Cyber Police’ Ransomware was most recently doing the rounds last month, and appears to have moved from exploit driven autoinstalls to ‘please click on the thing’ while hoping for the best. Malwarebytes Anti-Malware Mobile detects the above file as SLocker.cx, and you should most definitely avoid running the above file on your Android.”
The researcher goes on to point out that users can protect themselves against mobile ransomware such as Cyber.Police by downloading APKs from trusted sources only, by backing up data frequently, and by using common sense.
Along those lines, users should also consider installing an anti-virus solution on their Android devices. Even a small additional dose of security can go a long way.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.