An Android app called Adult Player has been subjected to ransomware attacks, resulting in secret photos being taken of users who are using the app to look at pornographic images.
Under the ransomware attack, Adult Player silently takes a photo of the user and displays it along with a ransom message. It demands $500 to unlock the victim’s device.
Zscaler said the ransomware does not allow the victim to uninstall the app or reboot the device, as in some cases the ransomware app becomes active immediately after reboot.
However, the company said there is a way to get rid of the malicious software without paying money.
The phone must be started up in safe mode, which boots the device with default settings without running third party apps.
Users should first remove administrator privilege while uninstalling ransomware from a device.
Zscaler urged users to download apps only from trusted app stores like Google Play to avoid being victim of such ransomware.
Veracode principal solution architect John Smith said: "Similar to the Ashley Madison data breach earlier this summer, this case once again demonstrates how our online footprint puts our most personal moments and decisions at risk of entering into the public eye.
"However, from a security industry perspective, what is perhaps most concerning is to see the growing prevalence of ransomware in the mobile space."
"Previously ransomware typically focussed on denying the victim access to their data – encrypting it and demanding payment to decrypt.
"This latest incarnation seems to take this a step further by exploiting the capabilities of the phone to also capture images of the victim in an embarrassing context, adding a further potential for blackmail."
Last month, Intel Security said examples of ransomware grew 127% since last year with primary affects on laptops and desktop computers.