ESET researchers have discovered nearly 350 porn clicker Trojans on Google Play over the last seven months, all belonging to the same family, with millions of downloads. And the numbers keep rising.
Overall, the Trojan has evolved into a large-scale outbreak: a single family of malicious apps that masquerade as popular games or apps in order to bypass Google’s security checks.
The malware is primarily nuisance-ware: its main purpose seems to be running in the background without any sign that something fishy is going on. As such, the threat does not belong to the category of more sophisticated malware such as mobile banking threats or the Simplocker crypto-ransomware. The harm lies instead in excessive data consumption, which can result in higher bills for mobile services or in exceeding the data cap.
ESET has found that while there have been many malware campaigns on Google Play, none have spanned this length of time or achieved such numbers of successful infiltrations.
“It’s not that some bad guys attain a high number of downloads and then disappear after getting banned by Google,” said ESET researcher Lukáš Štefanko, in an interview on ESET’s blog. “This is a true campaign… These fake apps are being systematically modified to sneak past even advanced detection methods based on what the Bouncer [i.e., the mechanism for checking applications submitted to Google’s official app store] learnt from the malware’s previously discovered cousins.”
Google’s security team takes the apps off the store frequently, but the malware’s authors keep pace and successfully upload new apps to the store on a regular basis.
“Generally, Google does a tremendous job in improving the security checks at the Play store,” said Štefanko. “But in this particular case, the bad guys still have the upper hand.”
Consumers can protect themselves by reading the apps’ ratings, because users typically share their bad experiences with these fake apps.
“Users should take the same security measures for their mobile devices that they have implemented on their computers—I mean using a quality security solution and having a backup of all their important data,” Štefanko said. “On top of that, they should be reasonably paranoid when considering which apps to use and from where to install them.”