Porn-themed Android Ransomware Takes Your Picture Before Asking For Money
An anonymous reader writes with a link to The Stack's report that researchers at security firm Zscaler have spotted a clever new variety of Android-based ransomware, which takes advantage of phones' built-in cameras to add a personal touch; it activates the camera to take a snapshot of the user, which is then incorporated into its blackmail note. "The crudely-planned app features an extraordinarily demanding privacy/functionality swap at install, and proceeds to demand a $500 'FBI fine' via PayPal, rather than any of the cryptocurrencies which most ransomware authors currently favour."
They'd send me money and tell me to go see a plastic surgeon.
A PayPal account? PayPal locks your account if you so much as blink too fast or too slow. They're never going to see the money. Plus, what is their plan for getting the money out? Having PayPal mail them a check?
I read the internet for the articles.
I'm not sure I get this. Who's walking around with a phone that they're not prepared to wipe at a moment's notice anyway?
Everyone else on the planet.
Faster! Faster! Faster would be better!
Perhaps parents whose recent photos of their child haven't yet been backed up? Someone who simply doesn't want to go through the hassle? Can we assume that quite a majority of users don't use their devices in the most perfectly organized manner possible?
"You should always be prepared to wipe" is not an excuse for the poor security that comes standard on many phones. I see tons of complaints here about how crappy the Apple and Microsoft walled-gardens are. Which I agree with. But instead of the same comments lambasting that approach, I'd like to see insightful conversations focusing on securing Android and making the iOS/Windows approaches more flexible.
All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
Good point. I wipe my phone after every porn viewing session. I learned that lesson the hard way. It ain't no fun getting an earful of goo.
Perhaps it's time to have hardware covers on phone cams and perhaps a red "open" light and notice beep. Whether they are manual or auto-open is an issue to consider.
Table-ized A.I.
nimbius calls it a garbage app, but then does exactly the same thing. Hypocrisy at its finest. Oh wait, let's hear from nimbius, "No, I wasn't going to do anything with those pictures, honest! No, seriously, I'm a good guy. I just like storing pictures of people I barely know for no good reason, against their wishes."
Yeah, sure, the porn movie wanted to use my phone book, camera, text message system, install programs, modify programs, kill my firstborn and hotwire my car. But ... but PORN!
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
From the featured article: "To avoid being victim of such ransomware, it is always best to download apps only from trusted app stores, such as Google Play. This can be enforced by unchecking the option of 'Unknown Sources' under the 'Security' settings of your device."
How does the plural work in "trusted app stores"? Since when has Android allowed the user to specify which other repositories are worthy of trust? I thought "Unknown sources" was just a binary choice between Google only and everything, as opposed to the ability to create a middle ground of trusting Google, Amazon, F-Droid, and no other sources.
Oh come on ... that question is so naive, simple, or stupid as to defy belief.
The percentage of tech-savvy, leery, paranoid people who distrust their phone and haven't built their lives around it is vanishingly small.
Everyone else doesn't know, doesn't care, and as long as they have shiny baubles and new games to play ... doesn't give a shit about this stuff.
If you "don't get this" it's because you've allowed yourself to live in a bubble in which you actually believe people are tech savvy, knowledgeable, and actually give a damn.
And that level of willful ignorance defies belief, because you'd have had to avoid so much reality from the last decade as to not be credible.
We see this shit every day, and screech about it and add more layers of tinfoil. But not knowing the rest of the planet is oblivious means you haven't even tried to pay attention.
I'm betting the percentage of people ready to wipe their phone on short notice is less than 1 in 50. Possibly less than 1 in 100.
Lost at C:>. Found at C.
The VAST majority of smartphone users.
Exactly. They are smartphone users not smart phone users.
I wiped my iPhone once (OS update didn't go according to plan). I restored to the last backup (previous night). It worked, everything synced and life went back to normal in an hour.
However - if my previous backup had had the bad-actor already on it I'm not sure this plan would have worked. One might need a Restore from Day X feature.
I had other concerns such as - were my photos safe? Most content is pull (podcasts, movies, music) and I'm not worried about that - download again. Content created on my device is what I'm never sure will be restored. If you asked Android/iPhone users "Will your data be restored after a wipe?" I'm sure you'd get several answers - all due to confusion over the feature. iPhone for instance requires you to sync with a Mac/PC in order to (safely) delete them from phone storage (which I do, like, twice a year). Sure they are "in the cloud" - but that ain't considered the same thing.
But I will say - restoring my phone & tablet was much easier than say - restoring my PC.
How do they get a picture of you and what you are looking at together? If it is a mash up, couldn't they just mash up your face (pic they took) with some disgusting porn pic anyway?
I don't get it.
sigs are for losers (except to point out that sigs are for losers)
The most interesting thing in the summary is that they're using PayPal over Bitcoin (or other cryptocurrencies). Is this because they're clueless noobs who can't be bothered to figure out how to use Bitcoin? Is it because PayPal is so terrible at stopping accounts engaged in this kind of abuse that they can still make a shitload of money before they're blocked? Is it because they've found Bitcoin is not useful or flexible enough?! So many questions!
Wiping the phone does you no good because they already have your picture--the phone sent it to them.