The newly discovered ransomware "Adult Player" disguised itself as a pornographic website

The American network security company Zscaler has discovered the latest "yellow" ransomware software specifically for Android phone users.

This kind of ransomware seems to provide "yellow" or pornographic content, but once a user clicks, it will first use the front-facing mobile phone lens to secretly take a picture of the user, then lock the mobile phone and display a message asking for a $500 ransom on the video screen .

Some cybersecurity experts introduced to the BBC that online ransomware is a lucrative "high-growth" criminal method in cybercrime.

The above-mentioned software that threatens to demand a ransom by publishing the private information of the mobile phone user or washing out all the information stored on the user's machine is called "ransomware."

The person responsible for security in the Intel Group, the world’s major computer processor manufacturer, said that since 2014, the number of software ransomware through the Internet or mobile phones has increased by at least 127%; although the main targets of attacks are still landline computers and laptops. But mobile phones are also increasingly becoming a new target for attacks.

Cybersecurity experts point out that ransomware is relatively easy to write and lucrative

Raj Samani, head of cybersecurity at Intel’s European headquarters, said: “The reason why this type of ransomware has soared is mainly because it’s relatively easy to write, it can be written by someone, and it’s lucrative. What we track A hacker group ransomed $75,000 in just 10 weeks."

Samani also said: "This kind of software is mainly aimed at and exploiting people's unwillingness to make a fool of themselves in public. If you don't pay, I will ruin you."


The US network security company Zscaler said that the newly discovered "Adult Player" is the second yellow ransomware they have recently discovered.

Generally speaking, this kind of ransomware cannot enter Google’s official application software market Google Play formally through inspection. They are often downloaded directly from the "problem website" to their computer or mobile phone with or without their knowledge. .

Zscaler said that once the ransomware is downloaded to the phone or computer, no matter how the user restarts or restarts the software, the software cannot be stopped, and the ransomware information will be continuously displayed on the screen.

If users want to avoid becoming victims, in addition to avoiding downloading unofficial software, they must also timely back up important documents and data

Intel’s Samani also added: “Although ransomware is currently mainly targeted at computers and laptops, crimes targeting mobile phone users seem to have become a new trend.”

He pointed out that if users want to avoid becoming victims, it is actually very simple. They only need to have some common-sense computer knowledge and often back up the information and data stored on their computers or mobile phones.

He said: "If your mobile phone or computer is unfortunately invaded by such software, if there is a timely backup, you only need to clean the hard disk and the entire system and reinstall the software."

"Of course, the safest thing is not to download any software from unofficial websites other than Google Play, and do not click to open unknown or suspicious emails or links."

Zscaler also suggests that if an Android phone user has downloaded the "recognition player", they should immediately set the phone to a "safe mode" (safe mode).

The "safe state" allows users to continue to use the most basic functions of the mobile phone, but does not allow third-party software to start, so that users can have the opportunity to clean up the ransomware by themselves or by looking for someone to help.

