Hackers are like any other coders: they want to build better software, even if it’s a program that merely aims to extract a ransom from a hapless Android user.
Symantec said it has seen a new version of the Porn Droid ransomware that uses Google’s custom-built design language, Material Design, to create more intimidating warnings.
Discovered last year, Porn Droid purports to be an adult content viewer. If installed, it locks a device and warns that users have viewed illicit pornography and demands a ransom. The app has been seen on third-party Android application marketplaces or forums for pirated software.
This version of Porn Droid mines an Android device for personal information and displays menu entries such as “Your SMS history” and “Your call log.” The user interface was created using Google’s Material Design language, which gives it a more professional look.
The drawer-style menu opens up whatever selection the victim has clicked on, showing information such as the person’s recent calls or Web browsing history.
“This allows the threat to easily display fraudulent legal notices and gathered device logs to make the ransom notice seem more intimidating,” wrote Dinesh Venkatesan, a senior threat analysis engineer with Symantec.
Porn Droid warns users on a device’s lockscreen that the gathered data has been passed on to law enforcement, Venkatesan wrote. Symantec has seen other ransomware programs gather log data before, but not display it to victims using Material Design.
“It should be noted that Material Design’s creators did not intend for their work to be used for malicious purposes,” he wrote. “The authors of this ransomware simply accessed and used the layout as any other legitimate app developer would.”
The effort put into designing professional-looking ransomware is likely further proof of the return cybercriminals are getting from the scams. Although ransomware has been around for more than a decade, it’s still one of the most prevalent nuisances around.