Authored by a Symantec employee
Researchers have discovered a new type of Android ransomware that takes advantage of a potentially embarrassing situation to extort the user into paying a ransom. The malicious software is distributed through an app named "Adult Player," which is a pornographic video player. Once installed, the app asks to perform a software update. If the user allows the app to update, the app loads another malware application instead of installing the update. The app then secretly takes a photo of the victim with the phone’s front facing camera, which is displayed on the screen, along with the ransom message.
The ransom screen prevents the user from accessing the device. The screen remains each time the user restarts their phone.
Symantec and Norton products protect against this ransomware known as Trojan, Android.Lockdroid.E.
Keep Your Device Safe from Ransomware:
- If you have Norton Security or Norton Mobile Security on your device, you are protected! Norton Mobile Insight technology can screen apps in Google Play before you download them, letting you know which apps are trusted and secure. If don’t have Norton, and you have an Android device, you can download Norton Mobile Security for free.
- For robust protection on all of your devices, check out the full version of Norton Security.
- Don’t pay the ransom. The chances that you’ll regain access to your device are low. By paying the ransom, you’re really just helping to fund these criminals so that they can continue to commit this crime.
- Back up your device. By backing up your device regularly, you will always have a safe copy of your files, should a cybercriminal try to hold your device for ransom.
- Exercise caution when receiving emails from senders you don’t know, especially if those emails have attachments or links. Whatever you do, don’t click! Those attachments or links could host malware that can sneak onto your device, letting the cybercriminals in.
- If it sounds too good to be true, it probably is. Be cautious of “free” apps that seem to offer benefits (free in-app purchases, free versions of paid apps, etc.). Avoid downloading apps from third party app markets, and only download them from trusted sources such as the Google Play Store.
What if I get Infected?
You can boot your device into safe mode, revoke the app’s rights in the “Device Administrator” settings, and uninstall the app.
- To remove administrator privileges, go to Settings —> Security —> Device Administrator and select ransomware app, then deactivate.
- Go to Settings —> Apps —> Uninstall and uninstall the malicious app.
Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.
© 2017 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the Lockman Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome is a trademark of Google, Inc. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.