Google removes 'porn clicker' malware from Play Store

24.07.2015
Google has removed dozens of apps from its Play Store that purport to be games but secretly click on advertisements on pornographic websites.

Security company Eset found 51 new apps that contained the "porn clicker" component, which it first discovered in April in a fake app mimicking a video app called Dubsmash.

Over the last three months, some 60 fake apps have been downloaded 210,000 times, showing how common it is for users to stumble across and download them.

"Following ESET's notification, Google has pulled the malware from the Play Store and also reports some of them as potentially harmful applications using its built-in security service," wrote Lukas Stefanko, an Eset malware researcher.

The bogus apps do not try to steal authentication credentials. If downloaded, the application presents itself as a game or system application. It runs in the background, accesses porn websites and clicks on ads. The app could eat up data allowances on a person's mobile phone account.

Google scans apps uploaded to its Play Store using technology called Bouncer. The automated scan checks an app for five minutes, performing a dynamic analysis of its code, according to Trend Micro. But apps that do not misbehave in that time period may not be caught.

Although Google can catch malicious apps, malware authors have become more clever in finding ways to avoid Bouncer, which has apparently happened with the porn clicker applications.

This time around, bogus versions of Dubsmash were uploaded again along with fake versions of other legitimate apps including Pou 2, Clash of Clans 2, Subway Surfers 2, Subway Surfers 3, Minecraft 3, Flappy Birds and Hay Day 2. The harmful apps were available for almost a week.

Since it's hard for users to see if an app is malicious, Eset recommended that people pay close attention to the reviews of apps, which may provide a clue if a particular app is suspicious.

"Hopefully, Google is doing its best to fix this issue and find a way to prevent the developers of these porn clickers from publishing them to the Play Store," Eset wrote.

Jeremy Kirk