Mobile malware masked as porn apps

Adult content is an ace in the hole for cybercriminals attacking Android devices.

A top safety tip for Android users is to install apps only from the official store. However, there are times when this advice is difficult or even impossible to heed. For example, when it comes to porn, such content is (unsurprisingly) barred from Google Play. Aficionados have to seek out third-party sites for that — and, of course, those sites are populated by scammers.

Our researchers studied various “18+” mobile threats. Their detailed report is available here; this article presents a summary of the most salient points.

The wrong kind of porn

Cybercriminals are well-armed when it comes to targeting fans of adult content. They disguise malware as XXX collections and special porn players, add malicious features to official apps from known porn sites, and even set up their own porn portals to spread their dangerous wares. They often promote their creations by hacking or malvertising on legal porn sites, as in the case of PornHub last fall.

Android-based malware that exploits this hot topic has become incredibly popular: In the past year a quarter of all attacks on mobile devices came from porn-related malware. Interestingly, desktop computers are attacked by such malware far less often — criminals are following porn into the mobile space.

Mom told you so

The consequences of porn malware can be nasty or very nasty.

If the victim is “lucky,” they will get hit by an ad clicker. These pests account for about half of all attacks. Victim’s smartphone battery indicator will start dropping noticeably, and the device will gobble up gigabytes of mobile Internet traffic (during the study, one piece of malware “clicked” on 100 megabytes’ worth of ads just in several hours). WAP and SMS hacks are in roughly the same weight category: Users are unwittingly signed up for paid services or content, with SMS confirmations deleted for good measure, or calls are made to paid numbers.

Losing money from a mobile account is actually getting off relatively unscathed — far worse beasts lurk in the Android malware zoo, and they collectively account for the other half of porn-related attacks. For example, a Trojan banker disguised as an alluring app can steal your login and password and clean out your bank account, and Trojan ransomware will block your device and demand a ransom.

Cybercriminals count on the fact that victims understandably prefer to keep quiet about how they encountered such Trojans. To intensify the effect, an on-screen message might appear about illegal content supposedly detected on the device — for example, child pornography.

Loapi — this Trojan is hot!

In some cases, the malware is a kind of modular infection like Loapi, which starts off with ad clicking but might progress to blocking the smartphone or even frying the insides through cryptomining.

Finally, it’s worth noting another very serious type of malware — the rootkit. A rootkit gives cybercriminals full access to the smartphone. It’s an all-in-one threat that can show advertising, steal data, and secretly install other apps, including more malware.

How to stay safe

The best advice is not to download any porn apps. That said, for those inclined, there are safer ways to view adult content.

  • Keep an eye on what permissions an app requests. For example, avoid media players that request full access to the operating system.
  • Install a mobile AV product to protect your devices against uninvited guests.
Tips