DubMash 2 was a malicious Porn Clicker app – hidden in the Google Play Store |
The fraudulent app has leveraged the popularity of the cross-platform video app Dubsmash to trick users into downloading the virus.
Dubsmash, which is available on Android and iOS, allows users to lip-sync to an audio recording of a well-known quote.
But Dubsmash 2 is a malicious app which uses PORN to trick users into generating revenue for app creators.
Malware specialist Avast has accused the app of accessing adult content online without the knowledge of the smartphone owner.
We suspect the app developer used the porn clicker method for financial gain
The malicious mobile app then reappears with an icon similar to the official Google settings application and with the name Settings IS.
When a user clicks on the Settings IS icon – it secretly actives Dubsmash 2.
Dubsmash 2 will run a background task every 60 seconds which downloads links to pornographic websites and then introduces the adult content into the smartphone’s browser.
Avast suspect the developer used the porn clicker method for financial gain.
Clicking on the pop-up ads would trigger pay-per-click earnings from the advertisers who were unaware that the system had been hijacked.
The malicious app was in the Google Play Store – and had been downloaded more than 500,000 times |
"Despite being undesirable, but basically harmless to the user and less sophisticated than other malware families such as Fobus or Simplocker," security experts Avast wrote.
"After decrypting and further examining the URLs and the video from YouTube, the Avast Virus Lab came to the conclusion that the malware most likely originated from Turkey.
"We suspect the app developer used the porn clicker method for financial gain.
"Through clicks on multiple ads within the porn sites, the app developer probably received pay-per-click earnings from advertisers who thought he was displaying their ads on websites for people to actually see.
"This app shows that although there are safeguards in place, undesirable apps that fool users can still slip into the Google Play store."
If you installed Dubsmash 2 you can delete the app by navigating into Settings > Apps > find Settings IS and then select uninstall.