Menu
Android ransomware changes a device's PIN code

Android ransomware changes a device's PIN code

Porn Droid gets admin-level access using a trick

Researchers at security company ESET have found a type of malware that changes an Android device's PIN, the first of its kind in an ever-evolving landscape of ransomware attacks.

For most users, the only option to get rid of the malware is to reset the phone to its factory settings, which unfortunately also deletes all the data on the device.

The malware calls itself "Porn Droid" and bills itself as a viewer for adult content. It has only been seen on third-party Android application marketplaces or forums for pirated software, wrote Lukas Stefanko, an ESET malware analyst.

But after it's installed, users see a warning supposedly from the FBI that they've allegedly viewed "prohibited pornography." It asks for a US$500 fine to be paid within three days.

To change the device's PIN, Porn Droid needs administrator-level access to the phone.  Stefanko wrote that the malware uses a new method to obtain that high level of access.

When Porn Droid runs, it asks people to click a button to activate the viewer app. But beneath that window, and obscured by it, is another button for setting device administer privileges.

porn droid 2 ESET

Porn Droid tricks a user into granting admin access through deceptive windows.

"After clicking on the button, the user's device is doomed," Stefanko wrote. "The Trojan app has obtained administrator rights and now can lock the device. And even worse, it sets a new PIN for the lock screen."

Other kinds of Android malware locked the screen by keeping the ransonware warning in the foreground using an infinite loop. But that could be remedied by using a command-line tool, the Android debug bridge, or deactivating admin rights in Safe Mode, according to Stefanko.

In the case of Porn Droid, if someone tries to deactivate the admin privileges, the malware uses a call-back function to reactivate them, Stefanko wrote.

The malware is also coded to try to shut down three mobile antivirus products: Dr. Web, ESET's Mobile Security and Avast. 

More advanced users may be able to get rid of Porn Droid without resetting and erasing all data on their phone. It is possible to remove the malware if a user has root privileges to the device, and some security software can stop it, Stefanko wrote.

Ransomware attacks, both desktop and mobile, have become some of the most persistent and damaging scams on the Internet. One of the most prevalent scams is encrypting a person's files and asking for money for the files to be decrypted.

Security experts generally advise not paying the ransom, as in many cases fraudsters never bother to fix the victim's computer.

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

Revealed at a glitzy bash in Sydney at the Ivy Penthouse, the first StorageCraft Partner Awards locally saw the vendor honour its top-performing partners with ASI Solutions, SMBiT Pro, Webroot, ACA Pacific and Soft Solutions New Zealand taking home the top awards. Photos by Maria Stefina.

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards
Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

​Synnex and Lenovo hosted 18 resellers for an action-packed weekend adventure in RotoVegas, taking in white water rafting on the Kaituna River, as well as quad biking and dinner at Stratosfare​, overlooking Lake Rotorua at the top of Mount Ngongotaha​. Photos by Synnex.

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip
Show Comments