Story image

Porn Trojan rampant on Google Play store

26 Feb 2016

Malware disguised as porn is rampant on the Google Play store, according to new findings from security specialists ESET. 

ESET researchers have found more than 300 porn clicker-type malicious apps on Google Play in seven months, and criminals are continuing to upload further variants onto the platform, the company says.

ESET detects Porn clicker Trojans, which masquerade as legitimate apps, notably games, as Android/Clickers.

“There have been many cases of malware campaigns on Google Play, but none of them have lasted so long or had such a huge number of successful infiltrations,” explains Lukas Stefanko, an ESET malware researcher who specialises in Android malware.

ESET researchers found, on average, ten new porn clickers a week bypassed Google’s security checks during this campaign.

“These porn clickers not only made it into the store, but they also successfully compromised user devices and have on average, been downloaded 3600 times each,” says Nick FitzGerald, senior research fellow at ESET Australia. 

The current family has threatened Google Play users since the 3rd of February, 2015, and ESET researchers follow them closely, having warned about them in the past.

Unsurprisingly, the creators of these Trojans ride the wave of interest in popular applications, notably in games, Fitzgerald explains.

“After installation, they generate fake clicks on advertisements to generate revenue for their operators, robbing advertisers and harming advertising platforms,” he says. 

“From the user’s point of view, these Trojans generate a lot of internet traffic, which might have negative consequences for users on metered data plans.”

Despite the Porn clicker Trojans being successful in hiding their true purpose, users can still avoid them thanks to negative reviews left by users under the Google Play platform, ESET advises.

“Google Play users should always look at the ratings and reviews of apps before downloading and installing anything,” FitzGerald explains.

“Looking at the ratings and reviews of these fake apps, for example, shows you very quickly that the overwhelming response is negative,” he says. “Apps with such reviews should be avoided at all costs.”

However, considering how widespread porn clickers are on the Google Play Store, reviews alone cannot be the only defence against these malicious apps, FitzGerald says. 

“This is not the first time these Trojans have appeared on Google Play; they are clearly part of a well-organised campaign,” he says. 

“We should only expect the e-criminals behind this malware to continue updating their versions to find new ways to bypass Google’s security tests and to trick consumers,” adds FitzGerald.

Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.
Exclusive: Ping Identity on security risk mitigation
“Effective security controls are measured and defined by the direct mitigation of inherent and residual risk.”
CylancePROTECT now available on AWS Marketplace
Customers now have access to CylancePROTECT for AI-driven protection across all Windows, Mac, and Linux (including Amazon Linux) instances.