Archer

Researchers discover hundreds of fake apps designed to trick you into secretly connecting to porn sites.

These are not rave reviews.

Users describe a selfie app on Google Play as “fake,” “bullshishkabob,” and “cannot even express how bad this is—Satan spawn works better than this.”

It gets 2.1 stars. Yet people continue to download the app.

This is the key, researchers say, explaining why fake apps succeed in taking over phones and connecting them to porn sites. People either do not read the reviews and ratings, or read them, but install the apps anyway.

As a result, says researcher Lukas Stefanko with ESET, more than 300 “porn clicker” apps have appeared on Google Play over the last seven months, many of them downloaded thousands of times.

In the past year, Stefanko has found fake apps with popular names like Clash of Clans 2, Subway surfers 2, Subway surfers 3, and Minecraft 3.

Invisible window

The apps—once downloaded—will bring up porn sites in an invisible window, Stefanko said.

“These porn clickers silently click in the background on the porn links generated on the attacker server,” Stefanko told Archer News.

Why? Most likely, to make it look like you are reading the site’s ads, bringing in more money for the porn site.

“The porn clicker randomly clicks on everything on the porn site, including the advertisement,” he explained. “Clicking on the ads is probably the main goal of the malware creator.”

How does this affect you?

You don’t see the ghost porn on your phone.

And you may not care if the porn clickers are letting porn sites steal revenue from the companies posting the ads.

But you may care if ghost porn is costing you money, and if attackers are able to hone a successful attack path to your phone for future malicious hacks that may go far beyond invisible porn site connections.

“From the user’s point of view, the harm lies in excessive data consumption, potentially resulting in increasing bills for mobile services or exceeding the data cap,” said Stefanko.

He said, in addition, your phone may operate more slowly, and your battery can drain faster than usual.

Successful attack path

The malicious app makers have developed a successful way to get into Google Play, and then into your phone.

The Google Play filters do not catch all of them, Stefanko said, and when they do, the app makers just modify the app slightly and re-post.

“It's hard to say how Google security really works,” Stefanko said to Archer News. “They should probably apply more filters that actually execute the malicious code hidden in the potentially harmful applications.”

“Also, clustering similar apps or scanning them with security software wouldn’t be a bad idea,” he added.

Archer News contacted Google for information on its Google Play security, but did not receive a response. A Google report on Android security in 2014, released in the spring of 2015, said less than 1% of all devices had a potentially harmful application installed.

“Google Play provides security scanning of all applications prior to availability for download and continues to provide ongoing security checks for as long as the application is available in Google Play,” the report said. 

Results

The research has uncovered 343 porn clicker apps on Google Play in the last seven months, and the numbers are rising.

The apps have been downloaded an average of 3600 times each, Stefanko said in We Live Security. Some porn clickers have been downloaded more than 100,000 times.

But porn clickers are not the only worry. Other mobile malware will go after your account and credit card information, or hold your phone ransom until you pay up.

Stefanko said in We Live Security that people should use security software such as antivirus on their phones, and back up their phone data.

“On top of that, they should be reasonably paranoid when considering which apps to use and from where to install them,” he said.

“Remember that smartphones and tablets tend to contain larger amounts of personal data – and credentials – than computers,” he added. “The question is why people only focus on securing their desktop computers and notebooks while ignoring mobile threats?”

Secret weapon

You have a powerful tool you can use to keep porn clickers off your phone.

First, Stefanko said, stay away from unofficial apps, and never install an app from a link you get in a text message or e-mail.

But most importantly, don’t ignore what other users are saying.

“Regarding the apps themselves, one simple security measure limits the risks substantially—checking the app’s reviews,” he told Archer News.

“Believe me, this is a powerful measure,” he said. “If all users stick to this advice, we won’t face such large mobile malware campaigns.”

There are plenty of fake positive reviews. But you may need to pay more attention when users write things like this, or you could end up with ghost porn and a high phone bill:

“Absolute junk. No. No. Just no.”

“Immediately uninstalled. It doesn’t work at all. It crashes and there are annoying pop-up adverts. Don’t waste your time or data getting this. I’d rate it -10 if I could!”  

“This one is just craaaaaap!”