Slashdot Mirror

← Back to Stories (view on slashdot.org)

Porn-Clicker Android Malware Hits Google Play Hard

Posted by timothy on from the click-jacking dept.

An anonymous reader writes: In a little over seven months, cybercriminals using click-jacking mobile malware to earn affiliate income have managed to push over 340 instances of the malware into Google Play. The "Porn Clicker," as ESET researchers have dubbed the threat, does not steal user information or download additional malware – it simply clicks on ads generated by the attackers' servers and shown on pornographic websites. The user is none the wiser, as the malicious app does so covertly.

47 comments

  1. I swear it was a virus honey. by gurps_npc · · Score: 4, Funny

    Me? I would never click on those ads. Must be a virus.

    --
    excitingthingstodo.blogspot.com
    1. Re:I swear it was a virus honey. by roc97007 · · Score: 2

      I know at least two people who would respond to TFA with "Wow. Bonus."

      Those are the machines I refuse to work on anymore. Those guys will click on anything, like Chip the Sales Associate.

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    2. Re:I swear it was a virus honey. by sudon't · · Score: 4, Interesting

      My first thought was, "Hey, maybe here's a way to support web sites without looking at ads!" Whip up a plug-in that blocks ads on the page, but sends some clicks up the pipe at the same time. Voila! Everyone is happy, and the current internet model is saved!

      --
      -- sudon't

      Air-ride Equipped

    3. Re:I swear it was a virus honey. by MobileTatsu-NJG · · Score: 2

      So... you're saying that this isn't malicious at all, it's a public service?

      --

      "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

    4. Re:I swear it was a virus honey. by EdwardFurlong · · Score: 2

      AdNauseam?

    5. Re:I swear it was a virus honey. by Anonymous Coward · · Score: 0

      Same here. I've wondered about having something one step above an ad-blocker (and this is assuming a fast network because ads take up a lot of bandwidth) which only passed through the relevant content, but in a separate container, rendered the ads, clicking on links, signing up to stuff with random names/addresses, and even installing software (be it apps in an Android VM or applications in a Windows VM) foisted in an ephemeral VM that would be destroyed after it sent the "yo, here is another infected box" confirmation message to the C&C servers.

      This would do three things: First, it would make advertisers think that their crap works... second, it actually poisons their intrusive info gathering, third, it gets ad revenue to sites. Wins on all fronts.

    6. Re:I swear it was a virus honey. by Anonymous Coward · · Score: 1

      This would do three things: First, it would make advertisers think that their crap works...

      It won't, they already have code to identify and discard click-bots, more below.

      second, it actually poisons their intrusive info gathering,

      Once again, click-bot behavior is discarded before it enters the database, no poisoning here.

      third, it gets ad revenue to sites.

      This is how I know that ad-trolls can detect click-bots. They wrote the code to identify web sites using scripts to artificially inflate their ad revenue, even by trivial amounts. All your plugin will do is mark all the web sites you visit as potentially using click-bots, lowering their ad revenue.

      Wins on all fronts.

      Very much not.

    7. Re:I swear it was a virus honey. by Anonymous Coward · · Score: 0

      Um no. The people spending the money (advertisers) aren't happy, and if it catches on this will destroy the ad supported content model or (more likely) result in a new wave of "we used flash to display our sites content and navigation so you can't block the ads" web design.

    8. Re:I swear it was a virus honey. by stephanruby · · Score: 1

      Seriously thought, this is the first malware I wouldn't mind downloading (except for the potential drain on my battery).

      It disrupts the current model of ad click-baiting.

    9. Re:I swear it was a virus honey. by Anonymous Coward · · Score: 0

      They wouldn't detect this plugin as a clickbot if it was designed to click like a human. Only on an ad after a few seconds + random time. Only on a few ads every day.

    10. Re:I swear it was a virus honey. by thunderclap · · Score: 1

      Apparently yours and his versions of win are very different. As I don't like ads all that much, this is very much win win for me.

    11. Re: I swear it was a virus honey. by Anonymous Coward · · Score: 0

      But honey, it was the malware.

    12. Re:I swear it was a virus honey. by Anonymous Coward · · Score: 0

      going from 'nothing for a very long time' to 'something every now and then' would have to be slowly ramped up, as to coax the identification algorithm.

  2. Article title... by Anonymous Coward · · Score: 0

    That's what she said.

  3. Not going to read the article by belthize · · Score: 4, Funny

    Because I don't want to destroy my image of a virus whose sole desire is to watch tons of porn while you browse more mundane sites. If that ever comes to pass my view of the universe will be mostly confirmed.

    1. Re:Not going to read the article by Anonymous Coward · · Score: 0

      Sounds more like it gets Google Play hard, if you know what I mean.

    2. Re:Not going to read the article by toonces33 · · Score: 1

      I am thinking of Bender from Futurama downloading robot porn.

  4. This hit me by Anonymous Coward · · Score: 0

    Right after I downloaded the Chive, this popped up.

    I was looking for a reason to reset my phone. Now I have it.

  5. uBlock? Is it any good? by Anonymous Coward · · Score: 0

    Anyone use uBlock?

    1. Re:uBlock? Is it any good? by Anonymous Coward · · Score: 0

      Yes, yes.

    2. Re: uBlock? Is it any good? by Anonymous Coward · · Score: 0

      Use uBlock Origin.

    3. Re:uBlock? Is it any good? by penguinoid · · Score: 1

      Yes, but I have a script keep track of all the websites I visit and use a modified version of this virus to click on every ad on every website I visit, not just once but hundreds of times. Because I like to support the websites.

      --
      Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
  6. Rule 34 malware. by Flavianoep · · Score: 1

    There are no exceptions to rule 34!

    --
    Linux is for people who don't mind RTFM.
    1. Re:Rule 34 malware. by StikyPad · · Score: 2

      None that you can think of, anyway. :)

      --
      https://www.eff.org/https-everywhere
  7. Re:Play hard by Austerity+Empowers · · Score: 0

    Die harder

    Rigor mortis will take care of that.

    "He died as he lived: failing to call a doctor after it lasted more than 4 hours"

  8. spam by Anonymous Coward · · Score: 0

    spam site help net again.... copying security reports and passing them as their own

    1. Re:spam by Anonymous Coward · · Score: 0

      yea, they submitted this story three times
      the mods should take attitude and ban these aholes instead of promoting their spam to the frontpage

  9. Pounds by Anonymous Coward · · Score: 0

    Use 'pounds' instead of hits. Cause its funny.

  10. Appropriate terminology by jmcwork · · Score: 2

    Click-jacking. Ha!

  11. PornClicker Android Malware POUNDS GooglePlay Hard by williamyf · · Score: 4, Funny

    There, Fixed That For You. :-P ;-)

    --
    *** Suerte a todos y Feliz dia!
  12. Support those websites by penguinoid · · Score: 2

    Aren't advertisers complaining that people using adblock are not supporting the websites they visit? They must be thrilled at this eager ad-clicker.

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    1. Re:Support those websites by Anonymous Coward · · Score: 0

      You should probably read this.

    2. Re:Support those websites by gstoddart · · Score: 1

      Well, they're paying out affiliate money with no return ... likely not so much.

      --
      Lost at C:>. Found at C.
    3. Re:Support those websites by Anonymous Coward · · Score: 0

      We need more malware and viruses that commit click-fraud. Ads are too prevalent and too cheap right now.

  13. Re:PornClicker Android Malware POUNDS GooglePlay H by Anonymous Coward · · Score: 0

    it appears that google's "walled garden" has a broken chastity belt.

  14. Re:PornClicker Android Malware POUNDS GooglePlay H by Anonymous Coward · · Score: 0

    It's just cyberscum doing penetration tests.

  15. Re:PornClicker Android Malware POUNDS GooglePlay H by Anonymous Coward · · Score: 0

    Nope, it hits it. Like the fist of an angry god.

  16. I have a level 73 herbal viagramage! by Thud457 · · Score: 1

    Porn Clicker?

    It that the new hot clicker game?
    3...
    2...
    1...
    NOW it is.

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

    1. Re:I have a level 73 herbal viagramage! by Anonymous Coward · · Score: 0

      NOW it is.

      Already been done.

  17. Plausible deniability by phorm · · Score: 3, Interesting

    I remember reading that some guy had gotten out of CP charges based on some malware that was on his phone. It wasn't provable that he was the one that had actually done the downloading, and his computer was riddled with Malware.

    I've personally seen infected user computers which were downloading or visiting sites like crazy in the background without the users' knowledge. The only thing they knew was that the computer was "being slow" so I was called for service.

    1. Re:Plausible deniability by Anonymous Coward · · Score: 0

      So what did you use to detect the malware?

  18. Origin. by antdude · · Score: 1

    Yes, but hard to use at first to tweak rules.

    --
    Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  19. Easy to stop using hosts files by Anonymous Coward · · Score: 0

    See subject: Source articles have the bad host-domain names to block listed here http://www.welivesecurity.com/...

    * Simply replace "http://" with 0.0.0.0 from the list & add it to your custom hosts file to be protected vs. this threat.

    APK

    P.S.=> For the BEST possible custom hosts file? Well, you know APK Hosts File Engine 9.0++ SR-4 32/64-bit http://www.start64.com/index.p...

    ... apk

  20. What's the problem, advertisers? by allo · · Score: 1

    When people block ads, you cry how should websites get their money. When people click a lot of ads with this app, you're crying, too. Please decide, if you want the clicks or not.