I know this actually sounds a bit silly, but if you think about it, it's pretty dangerous. Security experts are warning of malicious applications found on Google Play Store that steal your personal data in the background while offering to show you trailers for Japanese anime, video games, and yes...porn. Promises of porn? Assuming how many users probably were tempted by the offer of free Japanese porn, I'll bet this Trojan stole TONS of data already. In fact, it's already reportedly been downloaded by at least 70,000 users.
Carlos Castillo, a malware researcher at McAfee expalined that the new Trojan has so far been discovered in 15 applications on the Google Play Store. So far, it's only targeted to hit Japanese users in apps that display internet based video trailers.
Basically, once the app is installed, the app requests the user to grant them permission to read contact data and phone state, which then enables the app to pilfer the Android ID, phone number, and entire contact list of names, addresses, and phone numbers stored in the contacts list. After this, it attemps to send the data in unencrypted clear text to a remote server, and if it can successfully transmit the data, it requests a video from that server to display. So basically the app says "Do what I say and you get free porn", and not only that, if you follow its instructions, you actually get. (WOW).
It does seem that the apps have been removed from the market, as Carlos states that “Due the privacy risk that these applications represent to Android customers, all of them have been removed from the market”.
Pretty nuts right? I mean just last week we reported on a piece of malware disguising itself as Angry Birds Space, and now it seems that hackers looking to steal your data have now set their sites on something that literally millions of people watch everyday: porn.
Does this mean you should install an antivirus on your device now? Well you can, but according to research from AV Test, two thirds of malware scanners are not able to successfully detect and remove such applications.
So again, the best thing we all can do is to do a few seconds of research on developers before pressing that download button. With the amount of malware spotted in Android's current platform (about 11,000 strains), it's definetely worth the time.
Picture credits: Photobucket (edited by myself)
Source: The Register