Exterminator

Yet again, ESET researchers have found clickjacking malware in Android applications that managed to squeeze by Google's highly lauded app screening process and made their way onto the official Play Store.

This particular issue is nothing new, neither to ESET nor to Google. Something similar happened three different times last year, first in April, then May, and then again in July.

Porn Clicker Trojan at the core of the issue
At the core of the issue is a malware family which the developers have named Porn Clicker Trojan. The name comes from its behavior.

The trojan works by opening an invisible browser window and clicking on ads on pornographic websites. It does this every minute or so.

Because it does not steal any user data, log user behavior, or send credentials to remote servers, many security firms have deemed this malware to be inoffensive, since it's focused mainly on monetary gains for its operator without causing damage to the user.

Of course, there can be cases where a user who leaves his mobile carrier Internet connection on could see a higher bill the following month, as the trojan loads and reloads smut websites in the background.

Ten new Porn Clicker-infected apps added to Play Store each week
The Porn Clicker Trojan is usually distributed as clones of popular apps or as free versions of commercial Android games. These apps are distributed via third-party app stores, but also via Google's Play Store.

During its most recent wave of infections, ESET's Lukas Stefanko says that the trojan's mode of operation has changed only slightly.

The trojan's new feature is a scanning function that searches the user's device for security and antivirus products. If it finds such tools, the trojan will not execute. This may also explain how the trojan passed Google's app review process.

"On average, ten new porn clickers a week bypassed Google’s security checks during this campaign," the ESET team notes. "To get a sense of the scale, porn clickers on Google Play have on average, been downloaded 3600 times each."

ESET has published the list of apps it recently detected as infected with the Porn Clicker Trojan.