Fake games in Google Play redirect Android users to porn sites

Five malicious apps posing as games were in the Google Play store from July 14 to July 21.

This month five malicious Android apps posing as games made their way into the Google Play store for nearly a week, and during that time each app was downloaded by between 5,000 and 10,000 users, according to new research from Avast.

The threat is detected by Avast as Clicker-AR, a Wednesday blog post said, indicating that the following apps are infected: Extezaf tita, Kanlani Titaas, Kapith Yanihit, Barte Beledi, and Olmusmi bunlar. The apps – from Ngu Studios – use images from genuine franchises such as Minecraft, Hitman and Batman.

From a user perspective, the malicious apps – which were in the Google Play store from July 14 to July 21 – do nothing other than display static gaming images when opened, Filip Chytry, an Avast mobile malware analyst, told SCMagazine.com in a Wednesday email correspondence.

In the background, however, the apps are actually causing redirections to porn websites when the user opens their browser or other apps on their Android device, the blog post indicated, adding that only terminating the apps will stop the redirections.

A requested permission is what enabled the malicious apps to function.

“The app requested permission to ‘draw over other apps,’ meaning it could interfere with the interface of any application or change what victims saw in other applications,” the blog post said. “This helped the malware put its adult content in the forefront of users' screens.”

Earlier this year Avast researchers reported on a similar malicious Android app in the Google Play store that disguised itself as a follow-up to the popular Dubsmash app. In the blog post, Nikolaos Chrysaidos, another Avast mobile malware analyst, is credited with discovering that the same authors behind that app are at work here.

Despite Google taking actions to improve the security of the Google Play store, Chytry indicated that it is practically impossible to cover everything.

“It seems as if Google didn't scan the links from the new apps,” Chytry said. “The interesting part is that the links in the apps were quite easily accessible, so even using some free online tools you should be able to figure out where the apps were connecting to. In terms of preventing these types of malicious apps in the future, it would be good to check which links are trying to push over other apps.”
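
The two signals mentioned above, the "draw over other apps" permission and the links embedded in an app, can be checked together when triaging an APK. The sketch below is an added example, not Avast's tooling or code from the blog post. It assumes the manifest has already been decoded to text XML and the app's strings extracted; the package name, strings and hosts are constructed samples.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Manifest name of the permission users see as "draw over other apps".
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample inputs (not taken from the apps in the article).
SAMPLE_MANIFEST = """<manifest package="com.example.fakegame"
    xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application android:label="Fake Game"/>
</manifest>"""
SAMPLE_STRINGS = ["Loading...", "http://redirect.example/landing?id=1",
                  "fallback: https://cdn.example/a.png"]

def requested_permissions(manifest_xml):
    """Return the set of permission names the manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names

def embedded_hosts(strings):
    """Return sorted unique hostnames of URLs hard-coded in the strings."""
    hosts = set()
    for s in strings:
        for url in URL_RE.findall(s):
            host = urlsplit(url).hostname
            if host:
                hosts.add(host)
    return sorted(hosts)

def triage(manifest_xml, strings):
    """Report overlay capability and the hosts an analyst should review."""
    perms = requested_permissions(manifest_xml)
    return {"overlay": OVERLAY in perms,
            "internet": "android.permission.INTERNET" in perms,
            "hosts": embedded_hosts(strings)}
```

An app that reports `overlay` as true and carries hard-coded hosts is a candidate for manual review of where those hosts lead; the permission alone is also requested by legitimate apps.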

This is not the only Android threat that Avast has detected this week. On Tuesday, the security firm released new research about Fobus, malware reported on in January that is capable of sending premium SMS messages, making phone calls and stealing private information.

According to a blog post, Fobus is actively being spread through unofficial Android app stores and malicious websites, and is making its way to the U.S. after primarily targeting users in Russia and Eastern Europe.

As of Tuesday, 10,270 users in the U.S. and 6,260 users in the U.K. have encountered Fobus, the blog post said.

UPDATE: A Thursday ESET post includes information on several other similar malicious apps that made their way into the Google Play store, many of which have thousands of downloads.
