Google Play Store hosting malicious ‘porn clicker’ apps

A number of apps have been removed from the Google Play Store, after they were revealed to be a form of malware.

The offending software is often disguised as a legitimate app and then secretly clicks on advertisements on pornographic websites.

Security researchers at Eset discovered 60 “porn clicker” apps, which users inadvertently downloaded in their hundreds of thousands over the last three months. One of the most prominent of the fake apps purported to be the popular video tool Dubsmash. Fake versions of other common apps, including Minecraft 3 and Clash of Clans 2, were also discovered.

“Following ESET’s notification, Google has pulled the malware from the Play Store and also reports some of them as potentially harmful applications using its built-in security service,” Eset researcher Lukas Stefanko explained.

Although the malicious software does not try to steal personal information, by accessing pornographic websites in the background it could cause users to exceed their mobile data limit.

Google uses its Bouncer software to scan the Play Store for malicious content, but cyber attackers are becoming increasingly innovative in order to slip through existing security protocols. For example, Bouncer only analyses apps for a period of five minutes, so if they do not start behaving maliciously until after this time, they may not be detected.

The Android operating system does have a reputation for hosting a far greater number of malicious apps than iOS, but these are largely found in third-party marketplaces rather than the official Play Store. That a significant number of these porn clicker apps are getting through Google’s defences is therefore worrying, and may mean that Google decides to refine its app approval process.