sb-as logo
Story image

Porn Trojan rampant on Google Play store

Malware disguised as porn is rampant on the Google Play store, according to new findings from security specialists ESET. 

ESET researchers have found more than 300 porn clicker-type malicious apps on Google Play in seven months, and criminals are continuing to upload further variants onto the platform, the company says.

ESET detects Porn clicker Trojans, which masquerade as legitimate apps, notably games, as Android/Clickers.

“There have been many cases of malware campaigns on Google Play, but none of them have lasted so long or had such a huge number of successful infiltrations,” explains Lukas Stefanko, an ESET malware researcher who specialises in Android malware.

ESET researchers found, on average, ten new porn clickers a week bypassed Google’s security checks during this campaign.

“These porn clickers not only made it into the store, but they also successfully compromised user devices and have on average, been downloaded 3600 times each,” says Nick FitzGerald, senior research fellow at ESET Australia. 

The current family has threatened Google Play users since the 3rd of February, 2015, and ESET researchers follow them closely, having warned about them in the past.

Unsurprisingly, the creators of these Trojans ride the wave of interest in popular applications, notably in games, Fitzgerald explains.

“After installation, they generate fake clicks on advertisements to generate revenue for their operators, robbing advertisers and harming advertising platforms,” he says. 

“From the user’s point of view, these Trojans generate a lot of internet traffic, which might have negative consequences for users on metered data plans.”

Despite the Porn clicker Trojans being successful in hiding their true purpose, users can still avoid them thanks to negative reviews left by users under the Google Play platform, ESET advises.

“Google Play users should always look at the ratings and reviews of apps before downloading and installing anything,” FitzGerald explains.

“Looking at the ratings and reviews of these fake apps, for example, shows you very quickly that the overwhelming response is negative,” he says. “Apps with such reviews should be avoided at all costs.”

However, considering how widespread porn clickers are on the Google Play Store, reviews alone cannot be the only defence against these malicious apps, FitzGerald says. 

“This is not the first time these Trojans have appeared on Google Play; they are clearly part of a well-organised campaign,” he says. 

“We should only expect the e-criminals behind this malware to continue updating their versions to find new ways to bypass Google’s security tests and to trick consumers,” adds FitzGerald.

Story image
One in five employees download commercially sensitive files onto personal devices
Of these respondents, 40% admitted that the devices either had no password protection or no up-to-date security installed.More
Story image
Majority of industrial enterprises face increase cyber threats since COVID-19
Leadership's top cyber security priority was implementing new technology solutions since the onset of the pandemic.More
Story image
CrowdStrike targets Zero Trust blind spot with new offering
CrowdStrike has officially launched CrowdStrike Falcon Zero Trust Assessment (ZTA), designed to aid in overall security posture by delivering continuous real-time assessments across all endpoints in an organisation regardless of the location, network or user. More
Story image
Report: Power utilities increasingly at risk of devastating cyber-attacks
“Utilities’ existing systems are becoming increasingly connected through sensors and networks, and, due to their dispersed nature, are even more difficult to control.”More
Story image
Microsoft takes legal action to disrupt botnet and combat ransomware
Microsoft has announced it took action to disrupt a botnet, Trickbot, one of the world's most infamous botnets and prolific distributors of malware and ransomware.More
Story image
Insider threat report reveals deception in the workforce
Insider threats come from people inside an enterprise, whether they divulge proprietary information with nefarious intentions, or are just careless employees that unwittingly share sensitive data, writes Bitglass product marketing manager Juan Lugo.More