Emerging Threats

New adult-themed Android ransomware variant discovered

Authored by a Symantec employee


Researchers have discovered a new type of Android ransomware that takes advantage of a potentially embarrassing situation to extort the user into paying a ransom. The malicious software is distributed through an app named "Adult Player," which is a pornographic video player. Once installed, the app asks to perform a software update. If the user allows the app to update, the app loads another malware application instead of installing the update. The app then secretly takes a photo of the victim with the phone’s front facing camera, which is displayed on the screen, along with the ransom message.

A security suite that helps protect your devices.

Free security software just doesn’t have the resources to keep up with new threats as they emerge. That’s why you need a multi-layered defense to security. Meet Norton Security Premium — protection for up to 10 of your devices.

The ransom screen prevents the user from accessing the device. The screen remains each time the user restarts their phone.

Symantec and Norton products protect against this ransomware known as Trojan, Android.Lockdroid.E.

Keep Your Device Safe from Ransomware:

  • If you have Norton Security or Norton Mobile Security on your device, you are protected! Norton Mobile Insight technology can screen apps in Google Play before you download them, letting you know which apps are trusted and secure. If don’t have Norton, and you have an Android device, you can download Norton Mobile Security for free.
  • For robust protection on all of your devices, check out the full version of Norton Security.
  • Don’t pay the ransom. The chances that you’ll regain access to your device are low. By paying the ransom, you’re really just helping to fund these criminals so that they can continue to commit this crime.
  • Back up your device. By backing up your device regularly, you will always have a safe copy of your files, should a cybercriminal try to hold your device for ransom.
  • Exercise caution when receiving emails from senders you don’t know, especially if those emails have attachments or links. Whatever you do, don’t click! Those attachments or links could host malware that can sneak onto your device, letting the cybercriminals in.
  • If it sounds too good to be true, it probably is. Be cautious of “free” apps that seem to offer benefits (free in-app purchases, free versions of paid apps, etc.). Avoid downloading apps from third party app markets, and only download them from trusted sources such as the Google Play Store.

What if I get Infected?

You can boot your device into safe mode, revoke the app’s rights in the “Device Administrator” settings, and uninstall the app.

  1. To remove administrator privileges, go to Settings —> Security —> Device Administrator and select ransomware app, then deactivate.
  2. Go to Settings —> Apps —> Uninstall and uninstall the malicious app.

Our best protection. One low price

Norton Security Premium helps protect up to 10 of your Windows PCs, Macs, Android smartphones or your iPads.

Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the LockMan Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome and Android are trademarks of Google, LLC. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced and/or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other company names and product names are registered trademarks or trademarks of each company.