Over the last seven months, the creators of the “porn clicker” mobile malware family have found ways to bypass Google Play's security filters in what researchers are calling a “large-scale campaign.”
The malicious apps are systematically modified to sneak past even advanced detection methods based on what Bouncer - Google's mechanism for checking applications submitted to its app store - learned from the malware's previously discovered cousins, ESET researcher Lukáš Štefanko said in a Wednesday blog post.
Since the campaign started more than 300 malicious apps have made it into the Google Play store and have been downloaded at least a million times, he wrote.
Štefanko said users can protect themselves from the fake apps by paying attention to the reviews and ratings before downloading anything from the app store.
He also recommended that Google “apply more filters that actually execute the malicious code hidden in the fake app.”
