Trojan Porn Clicker, masquerading as a popular app called Dubsmash, has yet again returned to the Google Play Store after being pulled from the platform almost a month ago. Detailed information on this recurring threat is now available on WeLiveSecurity.com.
Surfacing for the first time more than a month ago, Dubsmash 2 has made its return appearance on the Google Play Store last week. Since then it has been successfully re-uploaded four times – always containing the same malicious code.
Although the fake app that bears the malicious code poses no actual harm to the average user, the problem arises with pay-per-click campaigns, as the porn clicker trojan was created to perform click fraud. Once activated, the malware generates a lot of internet traffic, resulting in high bills. Interestingly, ESET found that this app exclusively attacks Android devices without a security solution installed.
“If no AV software is installed then Dubsmash 2’s true functionality is activated. The trojan then proceed to request porn links from its server. These links will be loaded every 60 seconds into WebView inside an invisible window,” says Lukáš Štefanko, Malware Researcher at ESET.
More information on the porn clicker trojan is now available on WeLiveSecurity.com.