Six Arrested Over Japanese Android Porn Virus

AZA43 writes "Tokyo police have arrested six men, including two IT executives and one former tech exec, in connection with an Android malware campaign that netted $265,000. The men created a piece of Android malware that they disguised as a video player and distributed through an adult website. The app stole personal information and attempted to extort money for data 'protection services.' The malware doesn't appear to be particularly sophisticated, but it convinced more than 200 horny Japanese dudes to shell out $1200 each. And the arrests are one of, if not the, first time a major police force brought down criminals who used Android malware to extort a significant chunk of cash."

Ahem

convinced more than 200 horny Japanese dudes to shell out $1200 each

Either A) Japanese women don't look at porn, or B) They were smart enough not to shell out $1200

Re:Ahem

[Nadaka]

Either A) Japanese women don't look at porn, or B) They were smart enough not to shell out $1200

Or C) They don't use Android.

Japanese women ARE Android.

Re:Ahem

Dermatologist here. Posting as AC via TOR for obvious reasons - if my fellow professionals found out I am breaking the code and talking about this, they would kill my family and make me watch. We are doing everything we can to stop this woman, but the truth she has uncovered is just too powerful. We're not doing this just to protect our profession, but because the first-world economy is dependent on our spending. If this gets out, and people stop going to dermatologists, it could mean the end of civilization as we know it. Damn that woman!

Wait wait wait

[davidbrit2]

Are we talking Android, the operating system, or android, the robot design concept? This is Japan we're talking about, so... you never know.

Re:Wait wait wait

[kehren77]

I saw "Japanese Android Porn" and just assumed robot. Android the OS didn't even occur to me for a 10-15 seconds.

Re:But /. said Linux don't get malware?

[alvinrod]

I don't think there have been any large pieces of malware released for iOS, but they're possible. Charlie Miller had snuck an app into the app store that could have functioned as malware if here weren't just doing it as a proof of concept. Also, every time a new jailbreak is released for iOS, it could potentially be used for malware, especially some of the older jailbreaks that simply required loading a PDF or visiting a web page.

Apple's security model does help to prevent some cases where it's easier for Android to be targeted, but otherwise iOS could be infected. I'm sure we'll see one eventually. Whether it's someone slipping something by a reviewer or someone who develops a jailbreak deciding that they can get a lot of money selling it on the black market, it's bound to happen given the popularity of the platform and how much data is available on a person's mobile device these days.

Re:But /. said Linux don't get malware?

[TheCarp]

Linux will get malware when? Ha, we have had malware for years, haven't you ever heard of emacs? It is a nearly fullly functional trojan OS disguised as a shitty text editor. This is nothing new for us.

Re:video player??

[coinreturn]

OK well beyond this specific thing, this whole idea of installing "custom" video players just for one specific video seems insane to me.

Like, we've had good and trustworthy video players for a really long time. Hell, mplayer runs damn near on every platform that exists. Then something comes along and says, "hey, to see this video you MUST install "MyCustomPlayerItWontJackYourSystemWeSwear!!.exe" ... and people do that shit? WTF?

Same for music. Why in the hell prompted the break from the former "standard, trustworthy players separated from the content they play", and towards, "using custom apps for every little thing?" You see it increasing now on tablets too.

It's crazy!

Horny teenagers will install it even if its called "MyCustomPlayerItWillJackYourSystem.exe if they're promised some hardcore porn.

Anroid != GNU/Linux

[betterunixthanunix]

I do not disagree with the sentiment, but let's try to be clear here. Android is a very different OS from Fedora. "Linux" is just not a very descriptive name for an OS anymore.

Re:wow executives that can code!

[GodfatherofSoul]

Lots of execs can code (e.g. my boss). It's after the company goes public and the corporate bureaucrats start running things that you get the elevated accountants and managers running the show.

Re:But /. said Linux don't get malware?

[vawwyakr]

These people elected to install a program on their phone from a porn site without considering the security implications. This wasn't a virus breaking in through some security hole. This was a program that required the user to turn off a security setting on the phone and then install ignoring the security page (or they thought "sure it seems completely normal that some porn video player requires those security settings"). So the only blame here is the user doing something entirely stupid. iOS of course fixes this by assuming its users are stupid and locking them into only allowing apps from their market to be installed.

Re:Walled Gardens look quite nice

[Microlith]

I know, because being able to do whatever you want (even if there is some risk) is so very, very terrible.

Re:But /. said Linux don't get malware?

[highphilosopher]

Correction. There are two ways to be infected by a trojan:

1. Buy condoms that aren't sealed (of the Trojan brand of course).

2. Buy a cheap hooker in Troy

Either one could work fine for you right?

Re:video player??

[PlusFiveTroll]

A while back all the Monitizers figured out if you don't hide the data behind an app, anybody with a bit of sense could make a better program than you and take all your business, hell someone might even open source it and kill a lot of the profit in the market. At one time many software providers had a lockin on their customers with binary software and undocumented file formats. With the rising of the internet a lot of closed file formats died along with their parent companies and a era of openness ensued. Now again we have a new form of lock-in called the cloud where a black-box app sends data off to the twisted nether. If they don't give you a way to export your data to an open format of some type, you've taken a step back in many ways.

'Why in the hell prompted the break from the former "standard, trustworthy players separated from the content they play" '
This. "non-standard apps separate customers from their money, pay to play."

Re:Walled Gardens look quite nice

[amicusNYCL]

I guess if your only 2 options were a walled garden or a "field of manure" then you might have a point. A malicious app that affected 200 people doesn't exactly taint the entire Android environment. Conversely, the walled garden approach does affect all non-jailbroken iOS users.

Re:But /. said Linux don't get malware?

[Stormtrooper42]

Any OS can get "malware", however a *nix OS at some point requires either active agreement by the computer's operator to be installed or active attack of an exploitable programming error and/or socially engineered user rights.

That would be true with any modern OS (yes, even windows, unless you're running XP with admin rights)

In this case, it's an Android app, so when you install it, it tells you what it can access on your phone. Yet, users didn't cancel the installation, apparently.

Re:But /. said Linux don't get malware?

[Luckyo]

Essentially all jailbreak techniques are application of malware principles (but for a good purpose from user's PoV). For example, some time ago your iphone could get rooted (and jailbroken) by visiting a certain webpage. This vulnerability has since been long fixed, but as long as there are ways to jailbreak, there are vectors for malware through same backdoors.