Posted on 07/24/2015 4:52:13 PM PDT by Swordmaker
Lately we informed you how a fake Dubsmash application has been uploaded to Google Play Store at least nine times, which have tens of thousands of installs. This porn clicker Trojan, which we detect as Android/Clicker, has once more become available for download from Play Store. After we notified Google and published an article about these fake Dubsmash Trojans, we discovered other fake Dubsmash versions being uploaded again infected with the same porn clicker. We detected yet another 51 Trojan porn clickers accessible for the users to download. Four of them had more than 10,000 installs and one of them had more than 50,000 installs.
This 51 together with 9 fake Dubsmash we reported in the previous article users were able to download 60 different Trojan clicker applications from Google Play. These Trojan clickers were downloaded at least 210,000 times in the last three months. In the weeks after our article was published, these apps were installed more than 106,000 times.
This time not only were fake versions of Dubsmash uploaded by the same developer, we also found Download Manager, Pou 2, Clash of Clans 2, Subway surfers 2, Subway surfers 3, Minecraft 3, Hay Day 2, various game cheats and Video Downloaders being infected with the same Trojan Clicker.
Figure 1 Fake Subway Surfers 2
Figure 2 Fake Dubsmash 2
Figure 3 Fake Dubsmash V3
ESET is still seeing occurrences of this infiltration on Google Play and, after more than a month, these fake Trojan Clickers are still managing to evade Google’s Bouncer malware filter and potentially exposing millions of users to risk.
Figure 4 Porn clicker apps from Google Play
Interestingly, none of the fake applications will add a Dubsmash app icon to the app menu after installation. Instead the malicious apps pretend to be arcade games like Flappy Birds Family, board games or system applications.
Figure 5 Examples of Trojan app icons
Following ESET’s notification, Google has pulled the malware from the Play Store and also reports some of them as potentially harmful applications using its built-in security service.
Figure 6 Google security service notification of potentially harmful app
Even though the malicious applications were available for download for at most a week, tens of thousands of people still installed them. Hopefully, Google is doing its best to fix this issue and find a way to prevent the developers of these porn clickers from publishing them to the Play Store. To reduce the risk from malicious apps that may have slipped through Google’s filtering, we advise Play Store customers to take careful note of reviews by other customers, and to ensure that their security software is kept up to date.
|
App Name
|
Uploaded
|
Installs
|
|---|---|---|
| Dubsmash 2 | 27 May 2015 | 0 - 10 |
| Dubsmash V3 | 28 May 2015 | 10,000 – 50,000 |
| Dubsmash 2 | 30 May 2015 | 10,000 – 50,000 |
| Dubsmash 2 | 2 June 2015 | 0 - 10 |
| Dubsmash 2 | 4 June 2015 | 0 - 10 |
| Dubsmash 3 | 9 June 2015 | 0 - 10 |
| Download Manager | 9 June 2015 | 0 - 10 |
| Dubsmash 2 | 10 June 2015 | 0 - 10 |
| Poo Video Downloader | 13 June 2015 | 0 - 10 |
| Dubsmash 2 | 14 June 2015 | 10 - 50 |
| Dubsmash 2 | 17 June 2015 | 10,000 – 50,000 |
| Dubsmash 3 | 19 June 2015 | 1,000 – 5,000 |
| Dubsmash 2 | 20 June 2015 | 10 - 50 |
| Best : Dubsmash 3! | 1 July 2015 | 0 - 10 |
| Komboatic | 1 July 2015 | 0 - 10 |
| Best : Dubsmash | 4 July 2015 | 10,000 - 50,000 |
| C l a s h o f C l a n s 2 | 4 July 2015 | 100 - 500 |
| Cheats for Clash of Clans | 6 July 2015 | 5,000 - 10,000 |
| Dubs Mash 2 | 6 July 2015 | 1,000 - 5,000 |
| Cheats & Trucos: Gta 5 | 6 July 2015 | 10 – 50 |
| Maps & Guide: GTA 5 | 6 July 2015 | 100 – 500 |
| Subway Surfers 2 | 7 July 2015 | 50,000 – 100,000 |
| Best : Dubsmash | 7 July 2015 | 1,000 – 5,000 |
| Clash of Clans 2 | 8 July 2015 | 0 - 10 |
| Pou 2 | 8 July 2015 | 5,000 - 10,000 |
| Subway Surfers 3 | 8 July 2015 | 1,000 - 5,000 |
| Followers for Instagram | 8 July 2015 | 10 - 50 |
| MayHayda | 8 July 2015 | 500 - 1,000 |
| MayHada | 8 July 2015 | 500 - 1,000 |
| Man Kaptasi | 8 July 2015 | 100 - 500 |
| Smash Hit 2 | 9 July 2015 | 500 – 1,000 |
| Miviki yanki | 10 July 2015 | 1,000 – 5,000 |
| Flipagram 2 | 10 July 2015 | 100 – 500 |
| Koday | 10 July 2015 | 0 - 10 |
| Deer Hunter 2015 | 10 July 2015 | 0 - 10 |
| Minecraft 3 | 13 July 2015 | 0 - 10 |
| Red Ball 6 | 13 July 2015 | 50 - 100 |
| Archery Master 4 | 13 July 2015 | 0 - 10 |
| Exploration Lite 2 | 14 July 2015 | 100 - 500 |
| Traffic Racer 2 | 14 July 2015 | 50 - 100 |
| Hitman Sniper 2 | 14 July 2015 | 50 - 100 |
| Batman 2 | 14 July 2015 | 10 - 50 |
| The Walking Dead 2 | 14 July 2015 | 0 - 10 |
| Moto Loko 2 | 14 July 2015 | 0 - 10 |
| Rally Racer 2 | 14 July 2015 | 0 - 10 |
| Dr Driving 2 | 14 July 2015 | 100 - 500 |
| Survivor Heroes 2 | 15 July 2015 | 0 - 10 |
| Dubsmash 2 | 15 July 2015 | 10 – 50 |
| Hay Day 2 | 15 July 2015 | 0 -10 |
| Subway Surfers 2 | 19 July 2015 | 10 - 50 |
| Dubsmash 2 | 19 July 2015 | 10 - 50 |
|
Package Name
|
MD5
|
ESET Detection name
|
|---|---|---|
| com.chbded.chs | 73DB1E459DA78A7C831209B687B6C12F | Android/Clicker.M |
| com.jet.cleandub | 9334DAD2F7C9422E0D1C740D646C19DB | Android/Clicker.J |
| com.jet.dubsh | 48A4BE6A7A6CBAB9C4A674F99E5158AA | Android/Clicker.J |
| com.memr.gamess | AC8D9DEEE2B07EF3A7C5BD2FC01560F1 | Android/Clicker.M |
| com.androsadfg.downloadmanager | 6CACBDD667504DC564050D5DD5CF683B | Android/Clicker.M |
| com.jet.ayak | 28C5A7E4FC2E7CD446E03A88939596FD | Android/Clicker.P |
| com.wngrd.mp3remote | 093412BCA7984039F5369DE6308D4C47 | Android/Clicker.M |
| com.jet.shdub | 11D32B18A096AE2D0F3D054BA0131492 | Android/Clicker.J |
| com.poo.downloader | B85EEF771BE83A33E233A8CA587C9B9D | Android/Clicker.P |
| com.poo.db | 88C8F6715D5466DA7C1EB7DBAB7584A8 | Android/Clicker.P |
| com.poo.smm | 13AFF08E4733C953BC7DE6A5D7C02FD2 | Android/Clicker.P |
| com.huynoibomira.bobo | A845279F215ED6966B45D64E3369A1F2 | Android/Clicker.M |
| com.ti.basegam | 656E573C1277EE6607A0403CAA02AE25 | Android/Clicker.M |
| com.biz2048.yilinda | 331C93AFACD1433A2ECD7E5E7AEE9ADF | Android/Clicker.M |
| com.rikona.sa | 390AE01ED49CBBE14EA91F347E806D8F | Android/Clicker.M |
| com.kankalar.cheats | 167ABC463BC9C7A2D1EDC0E383806499 | Android/Clicker.M |
| com.kankalar.clash2 | F297E5A18A4025ECB0F34C8BF905B3F1 | Android/Clicker.M |
| com.kankalar.elma | 5AF9E1DE3D1D19DACB1AA98288E1CA25 | Android/Clicker.M |
| com.sulale.chetastga | 08B320694B898B0F6402FA8B45D301F8 | Android/Clicker.M |
| com.sulale.cimmi | 249A0660F18C53D91B58A680D78E9EC4 | Android/Clicker.M |
| com.sulale.dubb | D11BB0B91595E6B6DE89FB7BF2C92F83 | Android/Clicker.M |
| com.poo.cofc | 4FBC4AB39C704088902A6C114A44F0F3 | Android/Clicker.Q |
| com.poo.po | 98961261BC663F4D3E6F073CE6575A48 | Android/Clicker.Q |
| com.poo.way | 3E62E455A15D99762198F8C5779F81AF | Android/Clicker.Q |
| com.poo.x | DC78620AA75EDBB846776760A88AE17A | Android/Clicker.Q |
| com.nguyenngocjumraze.suuu | 21679FE29217DB6925B17CC4BF1FCE9B | Android/Clicker.M |
| com.nguyenngocjumraze.takip | 3FD37BB6250F08A58C8932C630F57C4C | Android/Clicker.M |
| com.fet.hiye | 47BE311A6CDA5B4981DB282CA1884BC9 | Android/Clicker.M |
| com.kendo.yako | B0345E9392F2C79D2403B18FB7FFD419 | Android/Clicker.M |
| com.nhantieplosengazi.flip | 44D7A2E9B3D106C4D41311E23350A813 | Android/Clicker.M |
| com.nhantieplosengazi.kivi | 189E5E23A99AF963DBFD70FD9552661E | Android/Clicker.M |
| com.phutanjocohare.conc | CB6A3918CFFA7BEEF2EAD6E5C60F2A3E | Android/Clicker.M |
| com.phutanjocohare.jat | 647987E48CF037E57CEEC6CB282F8124 | Android/Clicker.M |
| com.phutanjocohare.may | 9E4B0ADC7B4CF2353859EADBB928C688 | Android/Clicker.M |
| com.pupa.yelken | 5B35B0D5E04F9CDCFFF66D376805ADDF | Android/Clicker.M |
| com.xuanjonaterilove.sma | 402AEF32A99C71602A51FF8A36F5ABFE | Android/Clicker.M |
| com.fryzombisaren.haa | 4462CDA324E272FA63511D77486B82B9 | Android/Clicker.M |
| com.fryzombisaren.hte | 12D2DF188BAF7523BB04AC7735E6C818 | Android/Clicker.M |
| com.cor2.lu | FAD2ABC5DBD0F081EB3E9509EA7840E9 | Android/Clicker.M |
| com.eski.hisar | 8C4AC0AD1435264D3219DB45FEC627F9 | Android/Clicker.M |
| com.isken.derun | EC6359CEF3E0933467F62DD31F20AF09 | Android/Clicker.M |
| com.kasta.monu | 0D93F4278FC8288CEAA8FE5933BA64C6 | Android/Clicker.M |
| com.manisa.turgutlu | FFB92BA3236CC5C9DF9A2EF5EDB3BDE2 | Android/Clicker.M |
| com.pamuk.kale | 474EA15E00B1EF9A29F1BF624B78FA4B | Android/Clicker.M |
| com.thanhbangzerisa.bat | 1C4C8380C51CECDA01D40A841601A0BD | Android/Clicker.M |
| com.thanhbangzerisa.de | FE6B42F3872014C1CB4374611676B754 | Android/Clicker.M |
| com.thanhbangzerisa.ex | 97804ADBA13B706A3EA232FD28DC9B4D | Android/Clicker.M |
| com.thanhbangzerisa.hi | AF96768436794CE6161A4A62C82F5A0D | Android/Clicker.M |
| com.thanhbangzerisa.tita | E3E4984C3143B8461B38B187A31A0BEF | Android/Clicker.M |
| com.xuantonglazaderi.du | D59B2C7A28AE19FF2B85DB9C2EEEF29B | Android/Clicker.M |
| com.xuantonglazaderi.su2 | 1E5B2B33CF0A4AE45BF29C7C848C5F60 | Android/Clicker.M |
Author Lukas Stefanko, ESET
Perhaps your lists might be interested. This article contains a list of the infected Android Apps that the users might have downloaded. There are over 60 infected Apps on the Google Play Store this time that have been downloaded over 60,000 times in less than a week. Apparently some of them are the same as popular downloads.
If you want on or off the Mac Ping List, Freepmail me.
Google just doesn’t have the funds to check all uploaded apps.
I greatly limit what apps I put on my phone. Downloading every free app you see is crazy.
/s
You really can't be serious, can you?
From Google's 10-Q as of June 30, 2015, Google has Cash and other liquid assets on hand of $69,780,000,000.00 they can spend on checking uploaded apps. They made an after tax profit in the last quarter of $3,409,000,000 which they could have allocated to checking uploaded apps. Of course, I am also certain, it would not have cost anywhere near either of those amounts to check for malware on the one million plus apps in their Android Google Play Store. Perhaps they just chose not to do it?
Therefore, I am sure you were kidding. . .
Bazinga!
Do little kiddies who like to play these free games care about viruses to begin with???
Because only an idiot adult would ever load one of these on their whatever.
PS: this is just crying out for one of your TM graphics, don't you think?
I have no idea. The most popular name of these seems to be Dubsmash. You got any idea what the hell Dubsmash is? Sounds dangerously like malware to begin with.
“As long as this doesn’t interfere with my Ashley Madison account, I’m good to go.”
Don’t worry, we called your wife and told her your account was intact and you didn’t lose any contacts.
I’m with you. I had (and still have) absolutely no idea what Dubsmash is. Doubt seriously that we’re missing anything.
I don’t have a clue either. As an old fart, it sounds to me like a hipster music thingamajig.
Ok, I like it. . . looks like Google is a bit shaky. . .
All I can say is “WTF”!!!???
Billion dollar company with their noses stuck (or at least attempted) right up every butt on the planet, and they won’t be bothered to screen out this sophomoric crap?
I think Grandma and a couple of the g’kids got talked into some “free” Android tablets a couple of weeks ago. I do believe that I’m going on a little Search and Destroy (or at least pull the damn battery out) of every one of those things I can find. ...and this call is “Buster”.
...what a bunch of BS.
I may be sorry I asked, but what in the heck is a porn clicker?
I gather it hijacks accounts and also adds links to porn sites and ads for porn to apps, and hijacks links to normal URLs to porn sites. Click on a link expecting to go somewhere legit and wind up on a porn site. Hence Porn clicker.
Same here. I resist downloading all but the absolute most critical items to keep the basic functions working on my Android phone.
My wife, on the other hand.....geeeesh....
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.