This article is more than 1 year old
Shocker: Smut-viewing Android apps actually steal your data
Pr0n software actually leads to pwnage
A brace of supposed porn apps for Android actually push ransomware or steal personal data from mobile device, cloud security firm Zscaler warns.
One strain of Android malware scares the user with a warning screen that falsely accusing them of watching images of child abuse.
After installing the app on a device, the user will see a video player icon which once clicked, displays a fake US Cyber Emergency Response webpage. The malware then harvests SMS messages, contacts and email address.
The malware uploads this personal data to a command and control server run by crooks behind the scam. Fortunately the malicious app does not ask for administrative privileges to lock the device and is fairly easy to remove, Zscaler reports.
Zscaler has also identified a Chinese SMS trojan infostealer that comes disguised as grumble flick viewing app for Android. If installed the malware fools the victim by displaying random adult sites before stealing sensitive information which it sends in SMS messages to predetermined Chinese numbers in the background.
The cloud security firm identified both dodgy apps, the first of their type it has seen since a September sighting, during a recent research project. The tactic of disguising malicious wares as smutty apps goes back years, while the strategy behind the approach it all to easy to discern.
“Nearly a third of Internet traffic is in some way related to pornography and this is the primary reason why malware authors are using porn apps to infect large numbers of users,” Zscaler explains in an advisory note that’s yet to appear on its research blog.
“We are seeing an increasing number of adult themed Android malware apps using pornography to lure victims. To avoid being a victim of such malware, it is always best to download apps only from trusted app stores, such as Google Play,” it adds. ®