About a week after cybersecurity experts reported uncovering Russian-made “spyware” hidden inside a counterfeit PornHub app, as AVN.com reported, researchers at the antivirus firm ESET have discovered a new malware threat that works by fooling porn users.
With lines like, “Bros, try this app. Very hot,” an unidentified, malicious hacker has been luring users of the internet forum Reddit to download what is described as a “sex simulator” app for Android phones, according to a report by PC Magazine. In fact, the links lead to destructive ransomware—a type of malware that takes over and disables a phone, until the phone’s user agrees to pay a sum of cash, usually in the form of cryptocurrency, to the attacker.
In the case of the newly discovered Android ransomware, the app will apply hard encryption to all data on a victim’s phone. A screen then appears demanding somewhere between $94 and $190 in BitCoin cryptocurrency in order to obtain a digital “key” to de-crypt the inaccessible data.
The ransomware app also tells the victim that if the ransom is not paid with 72 hours, it will permanently delete all files on the phone. But researchers have not been able to confirm whether that part of the ransomware threat is true, according to the tech site Life Hacker.
But that’s not all the new “sex simulator” ransomware does to cause damage. Before locking a user's phone, the app scans through the phone’s contact list and sends SMS text messages out to everyone listed, with a link to the ransomware, according to a Forbes.com report.
In other words, not only should users tempted by the promise of a “sex simulator” app beware of clicking on any link offering such an enticing piece of software, but so should anyone who knows someone who may have downloaded the fake porn.
The SMS messages are not mere ads for a porn app with a phony, malicious link. The messages actually tell the person on the other end that her or his picture appears in the sex simulator app—providing further incentive for the receiver to impulsively click on the link, immediately infecting their own Android phones.
According to ESET, even in the event that a user clicks on the link and ends up with an encrypted phone, there is no need to pay the ramsom. “It is possible to decrypt the affected files without any assistance from the attacker,” the researchers say.
Photo By Ilya Plekhanov/Wikimedia Commons