Slashdot Mirror

← Back to Stories (view on slashdot.org)

Porn-themed Android Ransomware Takes Your Picture Before Asking For Money

Posted by timothy on from the say-cheese dept.

An anonymous reader writes with a link to The Stack's report that researchers at security firm zScaler have spotted a clever new variety of Android-based ransomware, which takes advantage of phones' built-in cameras to add a personal touch; it activates the camera to take a snapshot of the user, which is then incorporated into its blackmail note. "The crudely-planned app features an extraordinarily demanding privacy/functionality swap at install, and proceeds to demand a $500 'FBI fine' via PayPal, rather than any of the cryptocurrencies which most ransomware authors currently favour."

108 comments

  1. If they took my picture... by Anonymous Coward · · Score: 5, Funny

    They'd send me money and tell me to go see a plastic surgeon.

  2. Be prepared to wipe your phone at any time? by xxxJonBoyxxx · · Score: -1

    I'm not sure I get this. Who's walking around with a phone that they're not prepared to wipe at a moment's notice anyway?

    1. Re:Be prepared to wipe your phone at any time? by ColdWetDog · · Score: 5, Informative

      I'm not sure I get this. Who's walking around with a phone that they're not prepared to wipe at a moment's notice anyway?

      Everyone else on the planet.

      --
      Faster! Faster! Faster would be better!
    2. Re:Be prepared to wipe your phone at any time? by Anonymous Coward · · Score: 0

      The VAST majority of smartphone users.

    3. Re:Be prepared to wipe your phone at any time? by bondsbw · · Score: 4, Insightful

      Perhaps parents whose recent photos of their child haven't yet been backed up? Someone who simply doesn't want to go through the hassle? Can we assume that quite a majority of users don't use their devices in the most perfectly organized manner possible?

      "You should always be prepared to wipe" is not an excuse for the poor security that comes standard on many phones. I see tons of complaints here about how crappy the Apple and Microsoft walled-gardens are. Which I agree with. But instead of the same comments lambasting that approach, I'd like to see insightful conversations focusing on securing Android and making the iOS/Windows approaches more flexible.

      --
      All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
    4. Re:Be prepared to wipe your phone at any time? by Anonymous Coward · · Score: 0

      Would it matter if that picture was being passed onto a server somewhere where someone could post it publicly and show that you were a dirty bird looking at something you'd rather not have your peers know you're looking at?

    5. Re:Be prepared to wipe your phone at any time? by geekmux · · Score: 1

      I'm not sure I get this. Who's walking around with a phone that they're not prepared to wipe at a moment's notice anyway?

      I'm sure you're living quite the lifestyle there Mr. Bond, but the rest of society doesn't usually walk around prepared to instantly wipe their damn life from their electronica at a "moment's notice" like you obviously do.

      On top of that, let's talk about the technology that everyone would rely upon if they were actually ready and willing to instantly wipe their devices, as if we've not proven time and time again that the infamous "cloud" is about as secure as a wet paper sack...

    6. Re:Be prepared to wipe your phone at any time? by JustAnotherOldGuy · · Score: 1

      Would it matter if that picture was being passed onto a server somewhere where someone could post it publicly and show that you were a dirty bird looking at something you'd rather not have your peers know you're looking at?

      It wouldn't matter to me, but some prudes or hypocrites might get all pissy about it.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    7. Re:Be prepared to wipe your phone at any time? by Stan92057 · · Score: 1

      What are you doing that you even have to think about wiping your phone?lol And no, i haven't a clue how to wipe my phone. For what reason/reasons would i need too?

      --
      Jack of all trades,master of none
    8. Re:Be prepared to wipe your phone at any time? by Anonymous Coward · · Score: 3, Funny

      Good point. I wipe my phone after every porn viewing session. I learned that lesson the hard way. It ain't no fun getting an earful of goo.

    9. Re:Be prepared to wipe your phone at any time? by PopeRatzo · · Score: 1

      I'm sure you're living quite the lifestyle there Mr. Bond, but the rest of society doesn't usually walk around prepared to instantly wipe their damn life from their electronica at a "moment's notice"

      Exactly. Most of us carry burner phones that we can just toss in the trash at a moment's notice like Raymond Reddington.

      --
      You are welcome on my lawn.
    10. Re:Be prepared to wipe your phone at any time? by PopeRatzo · · Score: 1

      And no, i haven't a clue how to wipe my phone.

      What he meant to say was wipe with your phone. It's not particularly comfortable but it saves a bundle on Charmin Ultra Soft.

      --
      You are welcome on my lawn.
    11. Re:Be prepared to wipe your phone at any time? by vux984 · · Score: 1

      What are you doing that you even have to think about wiping your phone?lol And no, i haven't a clue how to wipe my phone. For what reason/reasons would i need too?

      Knowing how to wipe it, and being willing to have it wiped are completely separate issues.

      If you lost your phone or it fell into a sink or caught fire what would you lose? Me, I'd lose some photos, I'd be annoyed at the data loss. (And more annoyed at needing a new phone.) But the data loss wouldn't bother me, and I wouldn't pay $10 to a ransom to get it back, nevermind $500.

      The question is who has $500 worth of irreplaceable stuff on their phone?

    12. Re:Be prepared to wipe your phone at any time? by xxxJonBoyxxx · · Score: 1

      >> What are you doing that you even have to think about wiping your phone?

      Working for a corporation. What did you think that app they asked to install on your phone (for BYOD) does?

      >> And no, i haven't a clue how to wipe my phone.

      Your IT department might.

    13. Re:Be prepared to wipe your phone at any time? by mlts · · Score: 1

      It does advance the concept of the paperless office, though.

    14. Re:Be prepared to wipe your phone at any time? by Stan92057 · · Score: 1

      Dude lol i am a normal everyday guy i don't work for any corporation or IT department.

      --
      Jack of all trades,master of none
    15. Re:Be prepared to wipe your phone at any time? by gstoddart · · Score: 2

      Who's walking around with a phone that they're not prepared to wipe at a moment's notice anyway?

      Oh come on ... that question is so naive, simple, or stupid as to defy belief.

      The percentage of tech-savvy, leery, paranoid people who distrust their phone and haven't built their lives around it is vanishingly small.

      Everyone else doesn't know, doesn't care, and as long as they have shiny baubles and new games to play ... doesn't give a shit about this stuff.

      If you "don't get this" it's because you've allowed yourself to live in a bubble in which you actually believe people are tech savvy, knowledgeable, and actually give a damn.

      And that level of willful ignorance defies belief, because you'd have had to avoid so much reality from the last decade as to not be credible.

      We see this shit every day, and screech about it and add more layers of tinfoil. But not knowing the rest of the planet is oblivious means you haven't even tried to pay attention.

      I'm betting the percentage of people ready to wipe their phone on short notice is less than 1 in 50. Possibly less than 1 in 100.

      --
      Lost at C:>. Found at C.
    16. Re:Be prepared to wipe your phone at any time? by Stan92057 · · Score: 1

      I,m just an adv guy, i have zero on my phone except phone numbers. Every image Ive ever taken i uploaded to my PC and got printed out If i want to save them.

      --
      Jack of all trades,master of none
    17. Re:Be prepared to wipe your phone at any time? by cyborg_monkey · · Score: -1

      then shut the fuck up, his comment does not apply.

      Fucking neckbeards...

    18. Re:Be prepared to wipe your phone at any time? by Anonymous Coward · · Score: 0

      i am a normal everyday guy i don't work for any corporation

      Most of people do. It's called "having a job"

    19. Re:Be prepared to wipe your phone at any time? by trevc · · Score: 4, Insightful

      The VAST majority of smartphone users.

      Exactly. They are smartphone users not smart phone users.

    20. Re:Be prepared to wipe your phone at any time? by ripvlan · · Score: 2

      I wiped my iPhone once (OS update didn't go according to plan). I restored to the last backup (previous night). It worked, everything synced and life went back to normal in an hour.

      However - if my previous backup had had the bad-actor already on it I'm not sure this plan would have worked. One might need a Restore from Day X feature.

      I had other concerns such as - were my photos safe? Most content is pull (podcasts, movies, music) and I'm not worried about that - download again. Content created on my device is what I'm never sure will be restored. If you asked Andriod/iPhone users "Will your data be restored after a wipe?" I'm sure you'd get several answers - all due to confusion over the feature. iPhone for instance requires you to sync with a Mac/PC in order to (safely) delete them from phone storage (which I do, like, twice a year). Sure they are "in the cloud" - but that ain't considered the same thing.

      But I will say - restoring my phone & tablet was much easier than say - restoring my PC.

    21. Re:Be prepared to wipe your phone at any time? by mlts · · Score: 1

      In theory, it is a good thing to have that ability, so if someone loses their phone in an outhouse or it gets grabbed, it can be erased.

      With iOS, iCloud backups combined with one's cloud provider of choice to back up photos/movies in real time helps here.

      With Android, it is a bit harder. Google's restore mechanism is laughable, so to restore data, the best thing is to have a cloud provider for photos/movies, and use a backup utility like Titanium Backup which not just can back up apps... but actually encrypt them [1] and send the encrypted backups to the cloud provider of choice. Using utilities like nandroid also help.

      For most people, losing a phone sucks, but it is far easier to back up a phone than it is a computer.

      As for malware, it does require root, but xPrivacy and some type of app that is an iptables wrapper are musts. This way, if an app doesn't need to phone home, it can't, and even if it got permission to use the camera from initial install, xPrivacy will prompt the user (or just fetch the app's entry from a DB and auto-deny access) and let the user decide if the app requires access to cameras, phone contacts or both.

      In any case, this app is just the first salvo with ransomware. Future ransomware versions will exploit Androids all or nothing permission model [2] and start sending pictures at random to contacts, slurping up contacts, grabbing or overwriting the SD card, impersonating a user via E-mail accounts, and other nastiness.

      [1]: Titanium Backup actually has a pretty well thought out encryption mechanism. Each file is encrypted via a public/private key keypair, but the private key is stored with the file, and decrypted with the passphrase. This way, backups can be done and encrypted with the public key, while a restore requires the passphrase.

      [2]: The selective permission model in the next Android rev only applies to app developers who allow it in the manifest, which most likely won't.

    22. Re:Be prepared to wipe your phone at any time? by Anonymous Coward · · Score: 0

      In that case you wouldn't worry about wiping your phone either. So you went out of your way to miss the point.
       
      I never thought I'd see that on Slashdot... cough cough.

    23. Re:Be prepared to wipe your phone at any time? by Anonymous Coward · · Score: 0

      Yup. Some people delegate their smarts to their phones.

    24. Re:Be prepared to wipe your phone at any time? by Anonymous Coward · · Score: 0

      Only about 1 person in 50 is smart enough to be worth caring about anyway, so I'd say things are properly aligned, in this case.

    25. Re:Be prepared to wipe your phone at any time? by Anonymous Coward · · Score: 0

      I asked several of my geek friends, and they all said that they could wipe their phone and be fine. Some of them wipe their phone every few months just for good measure.

      Of course, they are all geeks, and may all be in your "1 in 50". But I suspect that the number of people who don't have such a reckless investment in their phones might be higher than you think.

    26. Re:Be prepared to wipe your phone at any time? by Chris+Mattern · · Score: 2

      Wiping the phone does you no good because they already have your picture--the phone sent it to them.

    27. Re: Be prepared to wipe your phone at any time? by Anonymous Coward · · Score: 0

      Like they couldn't just take another picture in 99% of cases. Is they photo of your child doing something funny important enough that you will fund criminals to get it back?

      If it is you whole set of pictures over the past 6 months that would be different, but in that case they should be backing it up.

      You never know when you might drop your phone in a toilet or it might get stolen, so there is no excuse for not backing up regularly.

    28. Re:Be prepared to wipe your phone at any time? by khellendros1984 · · Score: 1

      Google, Apple, and Microsoft all push hard for you to use their cloud services, automatically uploading your data to their servers.. Someone non-technical is likely to just go for the default options, which amounts to handing all your data over to $phone_vendor.
       
      My parents fairly regularly have to reflash their iPhones due to upgrade problems. My wife has lost her phone more than once and needed a replacement; she generally distrusts technology, so she doesn't rely on her phone much anyhow. Her contacts are backed up online, and that's about the only thing she cares about. Maybe none of them are at the "at a moment's notice" level, but they're all certainly at the "screw paying $500" level, and none of them are far from average in terms of technical ability.

      --
      It is pitch black. You are likely to be eaten by a grue.
    29. Re:Be prepared to wipe your phone at any time? by porges · · Score: 1

      Isn't the picture just window dressing, though? The ransom is to unlock your phone, not delete your picture. (The FBI warning is obviously fake.)

      I think "wipe and reinstall" on iOS is no problem, because that's what it does when I get a new iPhone: during setup it logs into your iCloud/iTunes/etc and replicates everything from your old phone onto your new phone (except passwords). I'd expect wipe and reinstall to do the exact same thing. Android, I don't know.

    30. Re:Be prepared to wipe your phone at any time? by KingMotley · · Score: 1

      They will learn the first time that they drop their device and it breaks. Or they lose it.

    31. Re:Be prepared to wipe your phone at any time? by Anonymous Coward · · Score: 0

      Only about 1 person in 50 is smart enough to be worth caring about anyway

      People who say things like this always think they're that 1 in 50, or whatever number they pulled out of their ass.

      They're always wrong.

    32. Re:Be prepared to wipe your phone at any time? by Anonymous Coward · · Score: 0

      The bulk of employment in the world is provided by small- or medium-sized businesses and the self-employed.

    33. Re:Be prepared to wipe your phone at any time? by Falos · · Score: 1

      > (Score:2, Informative)
      Alright guys. Society's hygiene standards are varied and mostly superfluous; I'm not here to tell you to shower every twelve hours. But there is a line, it's called "sanitary", whereafter actual consequences follow.

      I don't mind most stereotypes and stigmas, but much like disease control I want everyone to keep an eye on that breakpoint.

      So anyway, depending on your use, you might want to check the phone before you start.

    34. Re:Be prepared to wipe your phone at any time? by Anonymous Coward · · Score: 0

      Get a BlackBerry. Then you can laugh at all the rubes with iPhones and Androids going through this stuff. Because Blackberries don't get hacked.

  3. When using this app, keep your phone pointed down by mykepredko · · Score: 1

    Unless, you have some unusual moles or tattoos down there.

    That way, when the ransomeware comes in you can say "That little thing isn't my junk!"

    --
    Mimetics Inc. Twitter
  4. The Android ecosystem by Anonymous Coward · · Score: 0

    It includes so many clever hacks and malware, it's really interesting to watch from the bleachers what goes on on this swiss-cheese platform.

    1. Re:The Android ecosystem by Anonymous Coward · · Score: 0

      Meh, the same can be said about jailbroken ios devices. Lets not pretend that you don't already know these "exploits" and "malware" typically reside inside sketchy apps downloaded from untrusted sources.

      Still waiting for one of those bugs that lets an attacker gain root access to my device, or crash it, via SMS message. Guess apple has that market cornered.

    2. Re:The Android ecosystem by pruedz · · Score: 0

      Not sure if you can call give admin permission to a sketchy app downloaded from a random porn, "clever hacks".

    3. Re:The Android ecosystem by Anonymous Coward · · Score: 0

      Ah, I see. The title of the submission didn't mention that..

    4. Re:The Android ecosystem by St.Creed · · Score: 1

      Good point. The editor should have realized we're not even reading the summaries nowadays.

      --
      Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
  5. Sounds more like an Apple App by Anonymous Coward · · Score: 0

    You sure this is android?

  6. Good. by Anonymous Coward · · Score: 0, Insightful

    Take a photo of everyone for consuming porn. Declare everyone a pervert for being sexual.

    When we accept openly that everyone likes sex, we get rid of the stigma, and disarm those who would use our nature against us.

    1. Re:Good. by Anonymous Coward · · Score: 0

      Ahh, so I see you like wanking to Two Girls, One Cup.

      Anyway, you were saying?

  7. Is this amateur hour? by jandrese · · Score: 3, Insightful

    A Paypal account? Paypal locks your account if you so much as blink too fast or too slow. They're never going to see the money. Plus, what is their plan for getting the money out? Having Paypal mail them a check?

    --

    I read the internet for the articles.
    1. Re:Is this amateur hour? by ColdWetDog · · Score: 2

      It's the FBI silly. Paypal will give the FBI money - no problemo. They're the good guys.

      --
      Faster! Faster! Faster would be better!
    2. Re:Is this amateur hour? by jandrese · · Score: 1

      I have to wonder if the scammers insist that they Paypal the money to their "official FBI address", something like: alexey.petrakov@yandex.ru.

      --

      I read the internet for the articles.
    3. Re:Is this amateur hour? by Anonymous Coward · · Score: 0

      I have to wonder if the scammers insist that they Paypal the money to their "official FBI address", something like: alexey.petrakov@yandex.ru.

      You're not the sharpest tool in the shed, are you?

      If you RTFA you would see that you are just using Paypal to preload a card, which you then send the PIN to fbius@gmail.com.

    4. Re:Is this amateur hour? by jandrese · · Score: 1

      Oh yes, that totally sounds like something the government would do. How silly of me.

      --

      I read the internet for the articles.
  8. Just the first stage. by jc42 · · Score: 1, Insightful

    It's probably just a matter of time, perhaps not much time, before some entrepreneurs figure out that is a generally-useful marketing tactic. We can expect that the little "selfie" cameras on phones and tablets are being turned on briefly by assorted ads delivered along with the web page you looked at, and sent back to the mother ship for later use. You won't have to go through the bother of signing in or otherwise identifying yourself, since your ISP/cell company can supply them with that info (for a price). They can then use the photo and your info to persuade you that you should buy some of their products. Or they can just fake the session in which you ordered what they want to sell you.

    I generally keep a bit of opaque tape over those cameras except when I actually want to use them.

    Lessee, I took the tape off this laptop's camera; let's see if the slashcode knows how to send y'all my photo. It's a Macbook Pro, which should tell you which exploit to use. I'm currently sitting on the patio, in the shade of a grape vine, waiting for the temperature to reach a new historic high here in the Boston area. If you can find my photo, tell me the text on my t-shirt. If anyone succeeds, it'll show that this story isn't just someone's imagination. ;-)

    --
    Those who do study history are doomed to stand helplessly by while everyone else repeats it.
    1. Re:Just the first stage. by Anonymous Coward · · Score: 0

      It says "I'm with stupid", but with no arrow.

    2. Re:Just the first stage. by jandrese · · Score: 1

      More smartphone cases should have a little slider that you can slip over the cameras when you are not using them. I know the original manufacturer is already hamstrung by the size of the lenses relative to the thickness of their phones, but case manufacturers have more leeway.

      --

      I read the internet for the articles.
    3. Re:Just the first stage. by jc42 · · Score: 1

      It says "I'm with stupid", but with no arrow.

      Hey, where can I get one of those?

      --
      Those who do study history are doomed to stand helplessly by while everyone else repeats it.
    4. Re:Just the first stage. by Anonymous Coward · · Score: 0

      I survived winter storm Juno Boston January 2015

    5. Re:Just the first stage. by Anonymous Coward · · Score: 0

      Why can't I get a case with sliding covers over the camera ? Galaxy S4 if someone has a recommendation. Tape is annoying after a while.

  9. Re:When using this app, keep your phone pointed do by andyjb · · Score: 1

    i was clearly sneezing

  10. Why would I care? by JustAnotherOldGuy · · Score: 1

    Why would I care if they had my picture, what exactly does that prove or how does it harm me?

    Personally, ransomware authors should be hunted down and shot, but I think having my picture and claiming that it came from some porn app is a pretty weak threat.

    --
    Just cruising through this digital world at 33 1/3 rpm...
    1. Re:Why would I care? by Tablizer · · Score: 1

      Why would I care if they had my picture, what exactly does that prove or how does it harm me?

      Maybe you are younger or in better shape. I'm sure my coworkers and relatives would have a hardy laugh at my expense if my cam caught me at the wrong time. Let's just say some things are too big and other things are too small.

      --
      Table-ized A.I.
    2. Re:Why would I care? by Anonymous Coward · · Score: 0

      I'm sure my coworkers and relatives would have a hardy laugh at my expense if my cam caught me at the wrong time. Let's just say some things are too big and other things are too small.

      Maybe you should drop your pants AFTER you start the porn program...

    3. Re:Why would I care? by Tablizer · · Score: 1

      I'm assuming it would take periodic or random pictures or frame sets, and sift for those showing the "most" via either cheap 3rd world labor or AI. If the hacker(s) doesn't do that now, it will probably evolve that way within this crime group or a new group inspired by this one.

      To reduce (suspicious) bandwidth, an on-phone algorithm may use simpler AI or criteria to find candidate pics or sequences, and forward only those that look promising back to base to be further scrutinized. That way the phone is not sending every picture. Let's say a million phones are infected. Out of those, they may get only a few thousand home runs, and target those victims, which is good enough for them.

      --
      Table-ized A.I.
    4. Re:Why would I care? by gstoddart · · Score: 1

      Oh, I don't know ... a picture showing what was on screen, a picture of you making your O-face, and a timestamp showing you were fapping to "teenage girls with donkey" when you should have been working might do it.

      That it's taken this long actually surprises me.

      Blackmail only works if the people care if you release the images or not ... but in this case they've also probably locked you out of your phone.

      The problem is that apps demand a lot of permissions they don't really need, and people just give it to them. I'm still waiting for Android give me the ability to have granular control on permissions ... no, you may not read my fucking address book or change the network status.

      That people trusted a porn app at all is mind boggling. That makes no sense at all.

      --
      Lost at C:>. Found at C.
    5. Re:Why would I care? by Anonymous Coward · · Score: 0

      Google will never give you granular control of permissions. Doing so would result in devs leaving that market (and also in devs coding their apps to check for and break if they don't have those permissions).

      You can, at the moment, download special firewall apps that will give you such control, but of course you have to give root to those apps.

    6. Re:Why would I care? by JustAnotherOldGuy · · Score: 1

      Maybe you are younger or in better shape.

      Neither, which is probably why I wouldn't care. (If any gets off looking at me, they have bigger problems than a wad of cash will solve.)

      --
      Just cruising through this digital world at 33 1/3 rpm...
    7. Re:Why would I care? by JustAnotherOldGuy · · Score: 1

      Oh, I don't know ... a picture showing what was on screen, a picture of you making your O-face, and a timestamp showing you were fapping to "teenage girls with donkey" when you should have been working might do it.

      I still wouldn't care. That's tame compared to what they could catch me doing.

      --
      Just cruising through this digital world at 33 1/3 rpm...
  11. ive had to uninstall this stuff before. by nimbius · · Score: 1, Interesting

    Working a a sysadmin means ive been saddled with a corporate phone account for about 200 road warriors and marketing drones. Ive had people come to me asking to reset their phones for vague or meaningless reasons, only to find this crap installed. Aside from the utterly purile grasp the authors present of the various branches of US justice/law enforcement, the cameraphone picture is usually worth a quick chuckle. I keep a folder of mugshots as a trophy for removing this garbage app.

    a quick call to the android SDK adb command is much faster than mashing volume buttons to get into the boot loader.

    --
    Good people go to bed earlier.
    1. Re:ive had to uninstall this stuff before. by Tablizer · · Score: 1

      ...as a sysadmin...[I] find this crap installed...I keep a folder of mugshots as a trophy for removing this garbage app.

      Isn't that risky? A mistake or hackers might uncover the pile. It's probably safer to delete them ASAP. And I assume by "mugshot" you mean more than just a face.

      --
      Table-ized A.I.
    2. Re:ive had to uninstall this stuff before. by sociocapitalist · · Score: 1

      I keep a folder of mugshots as a trophy for removing this garbage app.

      Of course you're getting signed permission from these users to keep those pics so that you don't end up in jail yourself.

      --
      blindly antisocialist = antisocial
    3. Re:ive had to uninstall this stuff before. by Infiniti2000 · · Score: 2

      nimbius calls it a garbage app, but then does exactly the same thing. Hypocrisy at its finest. Oh wait, let's hear from nimbius, "No, I wasn't going to do anything with those pictures, honest! No, seriously, I'm a good guy. I just like storing pictures of people I barely know for no good reason, against their wishes."

    4. Re:ive had to uninstall this stuff before. by Anonymous Coward · · Score: 0

      And you posted this, with your slashdot account. You do realize that you are clearly violating at least 2 different policies your company would likely have. No, being a sysadmin doesn't give you cart blanche to your users data. Keeping those pictures is enough to not only get you fired, it's enough to land you in some steep and deep legal problems.

      I would advise, from one sys admin to another, to immediately stop saving content from your users devices (unless required to do so by law or policy) and I'd certainly recommend you stop posting the fact that you've done this with accounts that could be used to trace you.

      anyhoo.

      What do users worry about losing on their phone? Pictures. That's it, anything else is backed up, settings, contacts. It's always pictures. There are countless free hosting services available, at least 1 of which will be baked into whatever phone eco system you buy into. There's simply no excuse for "not backing up" your priceless pictures.

      Hell, android even integrates this into the camera if you allow it, sending every picture taken directly to googledrive. And don't give me that BS about not trusting the cloud, if you own a smartphone, you are using the cloud and spamming your data to the cloud, like it or not.

      I use facebook as a photodump, that works just fine, onedrive, google and dropbox make up the rest of my "backup" policy.

      I no longer offer data recovery to friends/family because of this. I'm not blaming you for getting a virus. I'm blaming you for thinking a fucking piece of shit smart phone designed to fail in 6 months is a safe place to store these files indefinitely.

    5. Re:ive had to uninstall this stuff before. by Anonymous Coward · · Score: 0

      The company likely owns the hardware and anything installed on it if his company's IT policy is anything like most others in the US.

      If anything he'd get fired assuming his direct superior cared.

    6. Re:ive had to uninstall this stuff before. by TheCarp · · Score: 1

      Of course he also didn't say whether or not he asks for permission to keep the photos. Seems like a bit of an unwarranted assumption to leap right from "I keep a dump" to "I keep a copy whether they like it or not".

      --
      "I opened my eyes, and everything went dark again"
    7. Re:ive had to uninstall this stuff before. by Anonymous Coward · · Score: 0

      Settings > Backup and Reset > Factory Data Reset

      Not sure why you even need to touch ADB or mention bootloader...

    8. Re:ive had to uninstall this stuff before. by amRadioHed · · Score: 1

      Are you kidding? Who the hell would approve if their IT guy shows up and says "hey your phone took some pictures of you using your phone at random times, mind if I keep them?"

      --
      We hope your rules and wisdom choke you / Now we are one in everlasting peace
    9. Re:ive had to uninstall this stuff before. by Anonymous Coward · · Score: 0

      Settings > Backup and Reset > Factory Data Reset

      Not sure why you even need to touch ADB or mention bootloader...

      Because the ransomware blocks you from opening into Settings ...

    10. Re:ive had to uninstall this stuff before. by TheCarp · · Score: 1

      Um, I would, tho, I would want to see them first.

      --
      "I opened my eyes, and everything went dark again"
  12. use pornhub by Anonymous Coward · · Score: 0

    problem solved.

  13. Dumb way to do it by Anonymous Coward · · Score: 0

    Why doesn't it instead show you porn (as advertised) send the details of what you like and looked at to a remote server, along with the pic of you it snapped and your name, plus, say, the top 10 email contacts you have.

    Then it can pop up a message saying xyz website will be emailing your porn preferences and your pic, plus how often you look at it and maybe even some of the pix to those email contacts. A lot of guys have wives that would pass out if they found out their guy looked at porn, not to mention bosses that would probably fire them. Being that it's external (and you can go and check it yourself), no way to just format the phone and start fresh. Pay up or get screwed.

    Well, luckily I'm a good guy. :)

  14. Learn from laptops & desktops by Tablizer · · Score: 2

    Perhaps it's time to have hardware covers on phone cams and perhaps a red "open" light and notice beep. Whether they are manual or auto-open is an issue to consider.

    --
    Table-ized A.I.
    1. Re:Learn from laptops & desktops by Anonymous Coward · · Score: 0

      Such hardware covers for phones already exist. It's called "electrical tape."

  15. It's all still too complicated by tinkerton · · Score: 1

    My ransomware app just randomly posts a message "I know what you've been doing!" with a mention of my paypal account.

    1. Re:It's all still too complicated by Agripa · · Score: 1

      I was hot, and I was hungry.

  16. Not possible on BlackBerry by Rigel47 · · Score: 1

    You have to deliberately grant an app access to the camera at install time. It's nice to have fine-grained access controls. For example, Evernote wants access to my microphone but since that's a future I never use, it gets denied.

    1. Re:Not possible on BlackBerry by mlts · · Score: 1

      iOS is similar. The latest version of Android offers this... but only if the app maker allows it in the manifest. Otherwise, if you want to protect your camera, you physically do something with the phone or you use xPrivacy so the app has full and free reign to access what it thinks is the camera... but in reality is just getting a black screen.

      Android's all or nothing permission model is the ecosystem's biggest weakness. How many users even care what the fleshlight app they downloaded use for permissions? Not many. If Google went with an prompt on first use model like Blackberry, it would have caused them a lot fewer headaches.

  17. Extraordinary demands? by Opportunist · · Score: 2

    Yeah, sure, the porn movie wanted to use my phone book, camera, text message system, install programs, modify programs, kill my firstborn and hotwire my car. But ... but PORN!

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:Extraordinary demands? by Anonymous Coward · · Score: 1

      (Not a smartphone expert) It would be nice if instead of having to grant all permissions to install an app, one could uncheck various permissions and install anyways knowing that functionality would be reduced or broken. 90% of the time the extra permissions are for features I don't want but there is no similar app without those features.

    2. Re:Extraordinary demands? by franciscohs · · Score: 1

      Permissions in Android are seriously broken. Much better the way iPhone does it, it doesn't ask for any permission at install time, when the app needs to use whatever, it will ask the moment it needs it. This way as a user it's much easier to identify the reason why the app is asking for this permission. For example if a text message app uses the microphone for phone calls, even if you didn't know this was a feature of the app, the first time you discover the feature it will ask permission as opposed to Android which will ask for access to the mic and you may not be aware of this feature, in which case you'll just think it's a dubious request, even if it's 100% legitimate.
      Another nice thing about this is that you don't need to give any permissions to an app that you don't want, so you may use all apps with location disabled for example, and use the rest normally,

    3. Re:Extraordinary demands? by Anonymous Coward · · Score: 0

      Take heed for Google have finally fixed this problem with Android M.

  18. Constant mistrust by ChromaticDragon · · Score: 1

    The photo thing here is an interesting twist here.

    But this attack vector seems to require the end-user to authorize things a number of times along the way. As stated in the article the real problem/danger is folk willy-nilly installing apps from heaven knows who.

    I wonder if/when these things will simply never unlock the device. Just keep asking for more money. Or unlock it lock it again for no reason randomly in the future.

    We seem to have reached a strange point with communications technology. We're barraged by blatant fraud from all sides. Nuisance and scam calls on the phones. Nonsense via SMS. Tons of spam to the email. Junk-mail and endless scams via snail-mail. Now fraudulent "we're the FEDS/IRS" via these goofy apps or websites.

    We're being trained to trust nothing.

    1. Re:Constant mistrust by Anonymous Coward · · Score: 0

      It's in the ransomer's best interests to build up a reputation as a total monster who is nonetheless honest. When your phone locks, you Google it on another computer and find a bunch of posts saying "yeah it sucks to pay but at least it unlocks and uninstalls itself properly when you do". If your Googling points to a security expert who says it just locks again in a month you MIGHT pay just to transfer all your files out within that month, but very few people will pay the second time and the ransomer will lose even more first-time "customers".

    2. Re:Constant mistrust by neo-mkrey · · Score: 1

      How is that a bad thing?

    3. Re:Constant mistrust by Anonymous Coward · · Score: 0

      You should never trust anyone or anything, ever. The bar for trust should be set extraordinarily high.

      As kids we're taught to go to the police whenever we see something suspicious. You're taught to tattle on bad people that are doing bad things. Then you grow up and realize that the police are stealing things. You realize that the police actually own the drug plantation. The police are randomly shooting perfectly innocent people.

      You're also taught to be patriotic. Even going to far as to have the pledge of allegiance in classrooms. Then you grow up and realize no-one has your back when you hit hard times. You realize you can be drafted into wars you don't agree with to fight people you have no quarrels with. You realize you can be forced to die for a cause you don't believe in. When (if?) you get home no-one will have your back. You'll come home sans-limbs with no job prospects and be shunned by civilian and politico alike.

      The hand that rocks the cradle is the hand that rules the world. It pays to deprogram yourself a little because the people that taught you to trust are the least trustworthy of all.

  19. Highlights a deficiency in "Unknown sources" by tepples · · Score: 2

    From the featuerd article: "To avoid being victim of such ransomware, it is always best to download apps only from trusted app stores, such as Google Play. This can be enforced by unchecking the option of "Unknown Sources" under the "Security" settings of your device."

    How does the plural work in "trusted app stores"? Since when has Android allowed the user to specify which other repositories are worthy of trust? I thought "Unknown sources" was just a binary choice between Google only and everything, as opposed to the ability to create a middle ground of trusting Google, Amazon, F-Droid, and no other sources.

    1. Re:Highlights a deficiency in "Unknown sources" by mjwx · · Score: 1

      From the featuerd article: "To avoid being victim of such ransomware, it is always best to download apps only from trusted app stores, such as Google Play. This can be enforced by unchecking the option of "Unknown Sources" under the "Security" settings of your device."

      How does the plural work in "trusted app stores"? Since when has Android allowed the user to specify which other repositories are worthy of trust? I thought "Unknown sources" was just a binary choice between Google only and everything, as opposed to the ability to create a middle ground of trusting Google, Amazon, F-Droid, and no other sources.

      Google and Android operate on the theory that if you enable unknown sources you are smart enough to figure out what is and isn't safe for yourself.

      The problem Google has is that they have no control over sources outside of their own, so they cant take any responsibility for it.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
  20. Ads, too by Anonymous Coward · · Score: 0

    Read about this app last night, and this morning I encountered an ad trying to play off of this scheme... I just closed the tab and moved on - but the fact that porn ads are starting to copy this concept is kind of scary - people may pay out of fear when they could have just closed the tab (like I did).

  21. Fp xdIck by Anonymous Coward · · Score: -1

    fun 7o be again. fate. Let's not be is the ultimate

  22. Are users that dumb? by Anonymous Coward · · Score: 0

    Who thinks they they need a special app to view porn videos? VLC, or the built-in video player will work just fine.

  23. Why won't it read? by sacrilicious · · Score: 1

    "The crudely-planned app features an extraordinarily demanding privacy/functionality swap at install, and proceeds to demand a $500 'FBI fine' via PayPal, rather than any of the cryptocurrencies which most ransomware authors currently favour."

    If only more people were in the habit of reading EULAs before using an app, this kind of thing wouldn't be so prevalent.

    --
    - First they ignore you, then they laugh at you, then ???, then profit.
  24. My Time To Shine! by Anonymous Coward · · Score: 0

    Where can I download this app?

  25. composition by kencurry · · Score: 2

    How do they get a picture of you and what you are looking at together? If it is a mash up, couldn't they just mash up your face (pic they took) with some disgusting porn pic anyway?

    I don't get it.

    --
    sigs are for losers (except to point out that sigs are for losers)
    1. Re:composition by Anonymous Coward · · Score: 0

      How do they get a picture of you and what you are looking at together? If it is a mash up, couldn't they just mash up your face (pic they took) with some disgusting porn pic anyway?

      I don't get it.

      They are hoping to get a pic of you fapping to use for the blackmail. At least that's what I assume since it pretends to be a porn app. Knowing that they have a nude pic of you doing something like that would greatly increase the chances of a pay-off.

    2. Re:composition by Anonymous Coward · · Score: 0

      Front camera and rear camera on device simultaneously.

  26. Which is it? by sglewis100 · · Score: 1

    Is it clever or crudely planned? The article suggests it's both.

  27. PayPal vs Bitcoin by trawg · · Score: 2

    The most interesting thing in the summary is that they're using PayPal over Bitcoin (or other cryptocurrencies). Is this because they're clueless noobs who can't be bothered to figure out how to use Bitcoin? Is it because PayPal is so terrible at stopping accounts engaged in this kind of abuse that they can still make a shitload of money before they're blocked? Is it because they've found Bitcoin is not useful or flexible enough?! So many questions!

    1. Re:PayPal vs Bitcoin by franciscohs · · Score: 1

      Or because it's much more likely that the user that is willing to pay won't have a clue on how to send money using bitcoin so they risk using paypal and getting some money before they are discovered?

    2. Re:PayPal vs Bitcoin by trawg · · Score: 1

      Another good hypothesis!

    3. Re:PayPal vs Bitcoin by Anonymous Coward · · Score: 0

      How are you planning on making bitcoin fiat?

  28. The application of common sense by DrXym · · Score: 1

    Installing an app asking for every permission under the sun / admin rights to watch porn is a terrible idea. I wouldn't be surprised if the app itself came from a dodgy warez site. Though I've also seen sites where a dodgy banner ad immediately starts pushing an apk - literally visit the site from a phone and next thing you know an apk is downloading. It's a terrible security flaw in browsers that they don't stop this.