Malware disguised as a porn app changes PIN code on Android smartphones

Spread the love

A malware application disguised as a porn app has found a way to change smartphone PINs. The app obtains the rights to it by requesting access, but the malware creators have hidden that window behind its own window.

When the malware asks for Device Administrator privileges, which allow it to change the lock screen PIN, it overlays it with its own window called “Update patch installation,” writes security company ESET, which found the malware.

Users can tell that something is wrong in several ways, including the changed color of the notification bar and the window itself. In the app, the malware creators direct users to Redtube.com for more information about the patch. However, that site usually doesn’t contain information about patches from Google and chances are people who install a porn app know that.

If the malware has changed the PIN, it asks through a screen that should resemble a report from the US Police Service FBI for $500 to unlock the phone. By resetting the device to factory settings, users can get rid of the malware. It is also possible to remove the malware in Safe Mode.

So far, the victims seem to be mainly located in the United States, ESET says. The application is not on the Google Play Store, however, victims must install the app separately from third-party download stores or obtain the installation file from, for example, forums.

The porn app called Porn Droid is not the first app of this genre to use porn as a cover for malware on Android. Some time ago, security company Zscaler discovered an app called Adult Player, which takes a picture with the front camera and displays that selfie when asking for money. There have been numerous attempts to spread malware on Android, but the impact is limited, because such apps hardly ever make it to the Play Store and few Android users install apps outside of trusted download stores.

You might also like