Showing posts with the label PornLocker

Porno-locker - nice icon, not so nice functions

Recently @PaulWebSec made me look at porn (now, will you risk clicking on that link? ;). Well, at least he advertised it as such, but it turned out to be just another fake Android porn app, which in reality was just ransomware. It even has a kind of NSFW icon, but you have to get the sample to see it for yourself. Anyhow, let's have a look at the code. It uses a lot of interesting permissions: camera, call log, contacts, Internet (of course), location and so on. It also has a bunch of activities, one of which is affectingly called TerrifyActivity.

Overview

When we start the app, AndroidManifest says it will start an Activity called MainActivity. Looking at it, it does nothing. Absolutely nothing, apart from creating some variables. Actually, the startup code is in the MainApplication class. This, in turn, starts the MainService3 class. A WakeLock is also put in place - to make sure that the device is on. We are asked w...