The ‘porn’ app secretly blackmailing users

A new app has a dirty little secret: Click on its porn icon and get blackmailed.
The Android app has been tricking thousands of phone users into thinking they are about to watch X-rated videos when, in fact, they are having their pictures secretly snapped by hackers.
The malicious app, Adult Player, then locks users’ phones and threatens to post their photos and smut-seeking activity online unless they cough up $500.
“There is no porn. The user gets duped, big-time,” said Deepen Desai, director of security research at the US cyber-security firm Zscaler, which discovered the ruse late last month.

The way the scam works is simple, Desai told The Post.
While the free app is not available at mainstream mobile stores such as Google Play, users can download it directly through an Internet browser.
Once someone clicks on the fake porn app’s icon — a woman’s breasts shielded only by her fingers — and clicks through a series of permissions, the program commandeers their device and gains control of its front-facing camera.
The hackers then snap a series of pictures of the user and send them back in a message.
Within minutes, the hackers then lock the phone and post the person’s photo to the screen with a message demanding a ransom of $500 through PayPal.
But experts warn that even if the user coughs up the money, the hackers have still been refusing to unlock their phones.
The scheme is driven by pure greed, the experts say.
Desai says such high-tech blackmail is typically referred to as “ran­som­ware” — a lucrative form of cyber-crime that involves demanding money from people by threatening to wipe a computer device or release private information.
Incidents involving ran­som­ware have increased by 127 percent since 2004, according to experts.
Adult Player is the second app that Desai’s company has found that uses porn to ensnare victims.
“In both cases, the tactic was the same: Porn was used as a lure and required the user to trust third-party apps that weren’t vetted in an app store,’’ he said.
Desai warned that anybody who has downloaded Adult Player should reboot their phone into “safe mode,’’ giving them access to only the apps that originally came with the unit.
This gives the user the chance to delete the ran­som­ware before restarting their phone.
News of the cyber-shakedown comes just a month after hackers released the personal information of an estimated 36 million accounts from the notorious spouse-cheating website Ashley Madison.

Source: http://nypost.com/2015/09/09/porn-app-secretly-snaps-photos-to-blackmail-users-out-of-500/By James Covert and Chris Perez

0 comments:

Post a Comment