Fake Kiddie Porn Ransomware Snaps Your Photo

There's no rational reason why anyone but a security researcher would want to install malware, so cybercriminals use social engineering instead.

Credit: Marcos Mesa Sam Wordley/Shutterstock

They know that users who fear personal information is in jeopardy will click on almost anything — for example, a Russian ransomware scam that accuses you of watching illegal pornography, and includes a personalized mug shot to boot.

This information comes courtesy of the Tokyo-based security firm Trend Micro in a post for its TrendLabs Security Intelligence blog. The tale is almost as old as smartphones themselves. A suspicious text message promises tantalizing adult videos, and directs a user to a hastily cobbled-together site with a smattering of smutty content. The site prompts the user to download a "video," which is really Android ransomware in disguise.

When it's installed, the ransomware snaps a photograph with the user's front camera. Theoretically, this should capture the user's face, although it's just as likely to get a shirt or an overhead light fixture.

Then, the malware displays the photo and accuses the user of trying to access pornography featuring children, animals, incest, rape and (this is Russia) gay sex. Unless the user coughs up 1,000 Russian rubles (approximately $15), the app threatens to notify all of a user's contacts about his illicit viewings, and forward his information to the police.

Naturally, the app can't do anything of the sort, but even the threat of it has made a lot of people sit up and take notice. Although Trend Micro doesn't have information on how many thwarted would-be Onans paid up, the firm reported that the malware has infected more than 3,400 people, mostly in Russia.

While this malware may sound scary, every single step of the process requires user confirmation, and sends up a clear red flag. A moderately savvy Internet user has five or six solid chances to avoid the scam.

Unsolicited text messages often link to scams, not legitimate websites. The porn sites in the links are obviously fake, having little real content and shoddy designs. The "video" downloaded is actually an APK, an Android executable file — no video should have to ask your permission to install anything.

When installed, the program requests access to the phone's highest administrative levels, including the ability to erase all data on the phone. Even the blackmail threat is suspicious, since it claims to do impossible things (like slap a "PEDOPHILE" label on a user's YouTube account).
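
Two of those red flags, a "video" that is really an APK and a request for device-administrator rights, can be checked from the file's contents before anything is installed. The Python sketch below is an added example, not code from Trend Micro or the original article; the function names and the sample archive are constructed for illustration, and the manifest string search is a heuristic rather than a full manifest parser.

```python
import io
import zipfile

# String a device-admin receiver declares in its manifest. Compiled manifests
# store strings as UTF-8 or UTF-16LE, so both encodings are searched.
ADMIN_MARK = "android.permission.BIND_DEVICE_ADMIN"


def inspect_download(name: str, data: bytes) -> dict:
    """Classify a downloaded file by its contents, not its name."""
    result = {"is_apk": False, "name_hides_apk": False, "wants_device_admin": False}
    if not data.startswith(b"PK\x03\x04"):        # APKs are ZIP archives
        return result
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if "AndroidManifest.xml" not in zf.namelist():
                return result                      # ordinary ZIP, not an APK
            manifest = zf.read("AndroidManifest.xml")
    except zipfile.BadZipFile:                     # truncated or corrupt archive
        return result
    result["is_apk"] = True
    result["name_hides_apk"] = not name.lower().endswith(".apk")
    result["wants_device_admin"] = any(
        ADMIN_MARK.encode(enc) in manifest for enc in ("utf-8", "utf-16-le"))
    return result


def verdict(name: str, data: bytes) -> str:
    r = inspect_download(name, data)
    if r["wants_device_admin"]:
        return "block: installer requests device-administrator rights"
    if r["name_hides_apk"]:
        return "block: installer disguised as another file type"
    return "review: Android installer" if r["is_apk"] else "no APK content found"


def constructed_sample(with_admin: bool) -> bytes:
    """Constructed stand-in for an APK; the manifest body is not a real one."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        marker = ADMIN_MARK.encode("utf-16-le") if with_admin else b""
        zf.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00" + marker)
        zf.writestr("classes.dex", b"dex\n035\x00")
    return buf.getvalue()


if __name__ == "__main__":
    print(verdict("video.mp4", constructed_sample(with_admin=True)))
    print(verdict("video.mp4", constructed_sample(with_admin=False)))
```
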

If you did fall for the scam, though, the ransomware is a particularly weak strain, so don't pay up. Depending on what kind of Android phone you have, you can probably reboot the device and uninstall the app; any Android security program worth its salt can do the same. (This isn't encrypting ransomware, which would render files unreadable even after a reboot.)

Perhaps it's time to add "Never click on unsolicited SMS links to questionable pornography" to the rich trove of Russian folk wisdom.