Mobile ransomware is on the rise. We reported yesterday that this specific type of malware targeting Android gadgets grew by more than 50 percent over the last year.
As if we haven’t warned you enough, the usual vector for malicious software in Android are third-party apps from unknown sources, that is, apps downloaded outside the official Google Play app store.
Take this newly outed malware targeting a specific demographic, for example. Security researchers from ESET recently discovered a rogue version of the adult website PornHub’s app that is actually ransomware in disguise.
Fake Pornhub app locks you out
The fake Pornhub app, nicknamed Android/FakeAV.E by ESET, promises to serve pornographic videos but it infects and locks the gadget instead.
According to ESET, this is how the app does its dastardly deed:
As soon as the fake PornHub app is launched, it displays a “Connect error. At first you must be checked for viruses” message.
This bad grammar should be enough to deter you, but if you give in and agree to “check for viruses” by clicking OK, another set of fake warnings pop out. This time they appear to be coming from Avast, an antivirus program.
After the “scan” is completed, the app lists the “malware” your device is infected with and for purported security reasons, locks your device unless you proceed and buy the “Pro” version of Avast.
This is a classic bait-and-switch ransomware scheme, though and to purchase this “Pro” version of Avast to release the lock, you’ll have to pay up $100 in Bitcoin in an oh-so-convenient Green Dot MoneyPak screen.
ESET notes that these fake PornHub app’s screens look to be stitched together from other malware since its ransomware message appears to be directly lifted, typos and all, from another ransomware program.
How to prevent mobile ransomware
First, as we always say, avoid downloading third-party applications from unknown sources outside the official Google Play app store.
But the thing with this particular attack is this: if you’re looking for the official PornHub Android app via the Google Play app store, forget about it. Google banned any sort of porn apps from its app store so the only way to get the PornHub app (a legitimate one actually exists) is via sources outside the official app store.
To steer clear of these types of ransomware attacks, avoid downloading Android porn apps altogether.
Next, backup your data regularly. It can be via Cloud-based backup services or locally to a computer but this is the best way to recover your precious files (especially photos) in an event of a ransomware attack.
For simple lock screen ransomware such as this fake PornHub app, ESET recommends booting your Android gadget into Safe Mode then uninstall the malicious app.
There are more interesting details in the ESET report including descriptions of other new ransomware variants. Read the full document “ESET Trends in Android Ransomware.”