An Android porn app, Adult Player, secretly took images of users using their front camera and held them to ransom.
According to the BBC, the app used software to lock customers' device until they agreed to pay $500 (£300).
The app, which is reportedly available only from the website, and its malware was discovered by internet security firm Zscaler.
Ransomware works by immobilising the victim's device and according to infosecurity-magazine.com, there is no way to shake off its hold over the phone.
Even if you switch your phone on and off, there is no way to uninstall the software. In a blog, Zscaler said the only solution is to reboot the phone into 'safe mode' which stops the device from running third party apps.
The most worrying aspect of the app's ransomware is its ability to send personal details, including phone numbers and operating systems to a remote service.
SEE ALSO:
"To avoid being victim of such ransomware, it is always best to download apps only from trusted app stores, such as Google Play," Zscaler added.
"This can be enforced by unchecking the option of "Unknown Sources" under the "Security" settings of your device."
A security expert told the BBC that ransomware is a burgeoning area of cyber crime.
"One of the reasons for the increase is that it's very easy to make," said Raj Samani, chief technology officer for Intel Security in Europe.
"There are people you can pay to do the work for you, and it pays really well. One group we tracked made more than $75,000 in 10 weeks.
"Apps like this rely on the embarrassment factor. If you don't pay, your reputation is on the line."