Security personnel found hundreds of apps infected with Porn clicker Trojans in the Google Play app store
Recently, ESET security personnel found hundreds of apps infected with Porn clicker Trojans in the Google Play app store.
Porn clicker Trojans are infected by disguising them as popular game applications. They use names and icons that are very similar to valid applications. For example, researchers discovered over 30 fake Subway Surfers games and over 60 GTA games. After the trojan is installed, it has nothing in common with the legal Subway Surfers or GTA, and even does not have any legal functions. It only utilizes some well-known game names. Of course, the more interesting the names and icons, the more clicks and installs, and more benefits for developers.
Malicious trojan in GooglePlay
By analyzing the data on the attacker server, the researchers found more Porn clicker Trojan applications (list ). Although it is difficult to determine whether these applications have been published in the Google Play app store, it may only be hosted in a third-party app store, but 187 of them have been found in the app store.
Some versions of the Porn clicker Trojan can check the anti-virus software on the device. If anti-virus software is detected, the malicious function of the Trojan will not be triggered. Once the installation is complete, the trojan will hide its startup icon, but it is still running in the background. By clicking hijacking, the trojan will entice users to access pornographic websites to gain profits.
The detection list of the latest version of Porn clicker Trojan contains 56 security applications.
List of anti-virus software and security applications
How to ensure security
When malware uses the same name and icon as a new version of the game, Android users should try to read user reviews. In many Porn clicker applications, many affected users leave negative comments so that other users can understand the negative effects before installing these applications. Whether or not the Trojan has been installed, you should upgrade the security application on the device to prevent the threat.
In addition, if Google's "Verify apps" option is enabled, you can check this kind of Porn clicker trojan for a long time and prevent it from being installed. Unfortunately, it seems that only applications that have been deleted from the app store can be detected.
Google application verification system
Summary
This Trojan has been infected with many Android devices after many Pornclicker Trojans. We certainly hope that such forged applications will no longer escape from the App Store's evaluation system. However, because the server providing ad links is still available, this may not be the last time we have experienced the Porn clicker Trojan.