A smartphone app has surfaced in Japan recently with the promise to let users see through others’ clothes when they turn on the camera on their Android handheld devices.
This Infrared X Ray app, obviously, is a scam and does not work. Yet, there have been enough people falling for it – and being blackmailed by it – for security firm Symantec to put out an alert last week.
It usually hoodwinks users by sending spam messages to potential victims. They are enticed with a seemingly novel app promising voyeur capabilities. Once downloaded and executed, however, the app uploads the contact details stored on the device to a server.
Symantec has also confirmed that several variants of this app exist and have now added an interesting payload – contact data is being stolen and sent to the malware author, and registration details for an adult website are downloaded and displayed.
The app no longer attempts to turn the camera on like it did previously. Instead, a message is displayed stating that registration has been completed and the victim is asked to pay 29,000 yen for the “service”.
The app also sends SMS messages detailing the payment and threatens to contact people found in the victim’s contacts list if the victim does not pony up the fee for the “service”. It then continuously displays the registration details and sends SMS messages to the victim’s contacts until the app is uninstalled.
To stay protected, Symantec advises users to refrain from clicking links found in messages such as e-mail and SMS messages from unknown senders as well as suspicious messages from known senders. Apps should only be downloaded from trustworthy vendors.
