A malicious Android app that can hold people to ransom after taking their picture has been revealed.

Adult Player appears to offer pornography, but secretly takes a picture of the user with the phone's front-facing camera.

It then locks the user's device and displays a demand for $500 (£330) that is difficult to bypass, according to US security firm Zscaler.

The Adult Player app claims to offer pornographic videos, but actually holds the user to ransom, after asking them to give it permission to lock their phone. It then asks for a $500 ransom to unlock their phone.

HOW IT WORKS

The app lures users by offering free pornographic videos. When it installs, it asks for permission to access and lock the handset. It then secretly and silently takes pictures of users with the phone's front-facing camera. The photographs of the users are then incorporated into a digital ransom note asking for $500 (£330) to be paid via PayPal. In return, the attackers promise to unlock the phones and delete the illicit photo.

The app was not available from vetted storefronts such as Google Play, but could be installed directly from a webpage.

Zscaler said the app's ransom message kept the phone's screen switched on at all times, and reappeared if the handset was restarted.

'This ransomware acts as a porn app named "Adult Player" and lures victims who assume it is a pornographic video player,' the firm said.

'When the victim starts using it, the app silently takes a photo of the victim, which is then displayed on the ransomware screen, along with the ransom message.

'The app demands a ransom of 500 USD.'

Adult Player was the second example of pornography-focused ransomware discovered by Zscaler.

The ransom screen is designed to stay persistent even at reboot.

It does not allow the user to operate the device and keeps the screen active with the ransom message. The firm said the app was only available from unofficial stores.

The app takes a picture of a user (right) then asks them to deposit $500 to unlock their phone (left)

HOW TO AVOID APP SCAMS

To avoid becoming a victim of such ransomware, it is always best to download apps only from trusted app stores, such as Google Play. This can be enforced by unchecking the 'Unknown Sources' option under the 'Security' settings of your device.

The firm says that removing the app is possible, but difficult.

'The ransomware is designed to stay stagnant on screen and does not allow the victim to uninstall it.

'Rebooting the device does not work in such cases as ransomware app becomes active immediately after reboot, which leaves no scope for the victim to get into device "settings" and uninstall the ransomware.'

To remove the app, users must put their phone into safe mode, and Zscaler has published full instructions.