Fake Kiddie Porn Ransomware Snaps Your Photo

There's no rational reason why anyone but a security researcher would want to install malware, so cybercriminals use social engineering instead.

Credit: Marcos Mesa Sam Wordley/Shutterstock

(Image credit: Marcos Mesa Sam Wordley/Shutterstock)

They know that users who fear personal information is in jeopardy will click on almost anything — for example, a Russian ransomware scam that accuses you of watching illegal pornography, and includes a personalized mug shot to boot.

This information comes courtesy of the Tokyo-based security firm TrendMicro in a post for its TrendLabs Security Intelligence blog. The tale is almost as old as smartphones themselves. A suspicious text message promises tantalizing adult videos, and directs a user to a hastily cobbled-together site with a smattering of smutty content. The site prompts the user to download a "video," which is really Android ransomware in disguise.

MORE: Best Android Security Apps

When it's installed, the ransomware snaps a photograph with the user's front camera. Theoretically, this should capture the user's face, although it's just as likely to get a shirt or an overhead light fixture.

Then, the malware displays the photo and accuses the user of trying to access pornography featuring children, animals, incest, rape and (this is Russia) gay sex. Unless the user coughs up 1,000 Russian rubles (approximately $15), the app threatens to notify all of a user's contacts about his illicit viewings, and forward his information to the police.

Naturally, the app can't do anything of the sort, but even the threat of it has made a lot of people sit up and take notice. Although Trend Micro doesn't have information on how many thwarted would-be Onans paid up, the firm reported that the malware has infected more than 3,400 people, mostly in Russia.

While this malware may sound scary, every single step of the process requires user confirmation, and sends up a clear red flag. A moderately savvy Internet user has five or six solid chances to avoid the scam.

Unsolicited text messages often link to scams, not legitimate websites. The porn sites in the links are obviously fake, having little real content and shoddy designs. The "video” downloaded is actually an APK, an Android executable file — no video should have to ask your permission to install anything.

When installed, the program requests access to the phone's highest administrative levels, including the ability to erase all data on the phone. Even the blackmail threat is suspicious, since it claims to do impossible things (like slap a "PEDOPHILE" label on a user's YouTube account).

If you did fall for the scam, though, the ransomware is a particularly weak strain, so don't pay up. Depending on what kind of Android phone you have, you can probably reboot the device and uninstall the app; any Android security program worth its salt can do the same. (This isn't encrypting ransomware, which would render files unreadable even after a reboot.)

Perhaps it's time to add "Never click on unsolicited SMS links to questionable pornography" to the rich trove of Russian folk wisdom.

TOPICS
Marshall Honorof

Marshall Honorof is a senior editor for Tom's Guide, overseeing the site's coverage of gaming hardware and software. He comes from a science writing background, having studied paleomammalogy, biological anthropology, and the history of science and technology. After hours, you can find him practicing taekwondo or doing deep dives on classic sci-fi. 

Latest in Malware & Adware
Green skull on smartphone screen.
Malicious Android apps with 60 million installs bombarding phones with ads and phishing attacks — how to stay safe
Malware
Dangerous new password-stealing trojan automatically reinstalls itself on infected PCs
An FBI agent typing on a computer
FBI issues warning to millions of Americans to avoid these websites that can steal your passwords and banking info
A hacker typing quickly on a keyboard
New MassJacker malware is hijacking digital wallets to steal large sums from users
A person trying to set up a new Wi-Fi router
Thousands of TP-Link routers have been infected by a botnet to spread malware
A smartphone screen displaying the Android name and logo next to a sign reading 'MALWARE'.
Fake Google Play Store pages are spreading Trojan malware that can steal your financial data
Latest in News
WWDC logo on yellow background
Apple WWDC 2025 date set for June 9 — iOS 19, Apple Intelligence and more expected
Motorola Razr Plus 2024 cover display
Motorola Razr Plus (2025) leaked specs hint at bigger upgrades — here's what we know
(L-R) Yura Borisov as Igor, Mark Eydelshteyn as Vanya, Karren Karagulian as Toros and Mikey Madison as Anora "Ani" Mikheeva in "Anora"
Hulu top 10 movies — here's what you need to stream right now
Nintendo Switch 2
Nintendo Switch 2 — industry insider just tipped release month and launch plans
Disney Plus logo
Disney Plus upgrade just fixed one of my biggest problems with the home page
Tom Hiddleston as Robert Laing in "High Rise" now streaming on Netflix
5 best Netflix movies in March you haven't watched yet