Fake Kiddie Porn Ransomware Snaps Your Photo
A nasty new form of Russian mobile ransomware says you're guilty of watching kiddie porn -- and even snaps your photo to 'prove' it.
There's no rational reason why anyone but a security researcher would want to install malware, so cybercriminals use social engineering instead.
They know that users who fear personal information is in jeopardy will click on almost anything — for example, a Russian ransomware scam that accuses you of watching illegal pornography, and includes a personalized mug shot to boot.
This information comes courtesy of the Tokyo-based security firm TrendMicro in a post for its TrendLabs Security Intelligence blog. The tale is almost as old as smartphones themselves. A suspicious text message promises tantalizing adult videos, and directs a user to a hastily cobbled-together site with a smattering of smutty content. The site prompts the user to download a "video," which is really Android ransomware in disguise.
MORE: Best Android Security Apps
When it's installed, the ransomware snaps a photograph with the user's front camera. Theoretically, this should capture the user's face, although it's just as likely to get a shirt or an overhead light fixture.
Then, the malware displays the photo and accuses the user of trying to access pornography featuring children, animals, incest, rape and (this is Russia) gay sex. Unless the user coughs up 1,000 Russian rubles (approximately $15), the app threatens to notify all of a user's contacts about his illicit viewings, and forward his information to the police.
Naturally, the app can't do anything of the sort, but even the threat of it has made a lot of people sit up and take notice. Although Trend Micro doesn't have information on how many thwarted would-be Onans paid up, the firm reported that the malware has infected more than 3,400 people, mostly in Russia.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
While this malware may sound scary, every single step of the process requires user confirmation, and sends up a clear red flag. A moderately savvy Internet user has five or six solid chances to avoid the scam.
Unsolicited text messages often link to scams, not legitimate websites. The porn sites in the links are obviously fake, having little real content and shoddy designs. The "video” downloaded is actually an APK, an Android executable file — no video should have to ask your permission to install anything.
When installed, the program requests access to the phone's highest administrative levels, including the ability to erase all data on the phone. Even the blackmail threat is suspicious, since it claims to do impossible things (like slap a "PEDOPHILE" label on a user's YouTube account).
If you did fall for the scam, though, the ransomware is a particularly weak strain, so don't pay up. Depending on what kind of Android phone you have, you can probably reboot the device and uninstall the app; any Android security program worth its salt can do the same. (This isn't encrypting ransomware, which would render files unreadable even after a reboot.)
Perhaps it's time to add "Never click on unsolicited SMS links to questionable pornography" to the rich trove of Russian folk wisdom.
Marshall Honorof is a senior editor for Tom's Guide, overseeing the site's coverage of gaming hardware and software. He comes from a science writing background, having studied paleomammalogy, biological anthropology, and the history of science and technology. After hours, you can find him practicing taekwondo or doing deep dives on classic sci-fi.