About a week after an SMS Trojan posing as a porn video player was found duping Android users into loading it on their phones, another malicious app has been uncovered that uses pornography to attract users. This time it creates a veritable porn vortex that magnifies the malware propagation.
According to Zscaler, the application in question is also presented as a porn player but works slightly differently. When the user clicks on the application icon, he or she will be presented with thumbnails to various adult videos. When the user tries to play one, the application will download three files in the background, and a shortcut will be placed on the main page of the device. The application also requests on-demand videos via SMS—costing the user money without them knowing.
The dropped files are also depicted as porn players, and when the user clicks on videos shown in these applications, they again drop more files to the device—resulting in a never-ending porn-tastic malware installation loop.
Some of these dropped files have icons that look similar to the Internet Explorer and Angry Birds applications for the sole purpose of scamming the user. However, these dropped applications are actually SMS stealers or fake installers.
Ultimately, the application divides the overall functionality between the various dropped files as a mechanism to evade detection by antivirus software. If one of the applications is detected by the AV, the other applications can continue with their work. Also, interestingly, each of these dropped applications tries to target different SIM operators in China.
“Noting that one in five mobile searches are related to porn, it’s no surprise that hackers continue to create fake porn apps to disguise malware,” said Zscaler researchers Lakshmi Devi and Shivang Desai, in an analysis. “There has been an increasing tendency of malware in disguise of adult-rated applications in order to attract victims. The best way to avoid such applications is to stick to official app stores like Google Play and the Amazon app store.
Users should also not trust any unknown links received via messages or emails. Additionally, disable the option of "Unknown Sources" under Settings, to disallow installation of apps from unknown sources.
Photo © Cathleen A. Clapper