Mobile threats distributed under the guise of porn content doubled in 2019


Self-isolation has prompted changes to many aspects of everyday life. With ‘stay at home – stay safe’ being the new motto for 2020, and adult content platforms experiencing an influx of visitors, security risks in this field have never been so relevant. In fact, the review of 2019 threat activity done by Kaspersky researchers demonstrated that the number of mobile users attacked by pornographic content grew two-fold in 2019, reaching 42,973 users compared to the 19,699 who were targeted in 2018.

Adult content, just like other types of entertainment, remains one of the most prominent ways malefactors try to infect devices. Moreover, due to its rather sensitive nature and the reasonable desire amongst users to keep their browsing experience private, porn remains of particular interest to cybercriminals. While various schemes involving phishing, spam and even various sex-related ransomware have been around for years, cybercriminals do not stop at that and continually work on expanding attack vectors and perfecting the methods of those attacks.

With the rise of mobile devices that can be used for virtually anything – from work to entertainment – porn-related mobile threats are becoming more relevant as well. To learn more about mobile threats related to illicit content, Kaspersky checked all files disguised as porn videos or adult content related installation packages for Android and ran 200 popular porn tags against this database. The analysis showed results for 105 tags in 2018 and for 99 tags in 2019, demonstrating that not all porn is used by cybercriminals to target their victims. Additional analysis demonstrated that content that can be rated as violent was hardly ever used for spreading malware.

Even though fewer tags were used to spread threats disguised as porn in 2019, the number of users attacked by mobile porn-related threats and potentially unwanted applications doubled – reaching 42,973 users attacked compared to 19,699 in 2018. Interestingly, the opposite trend was witnessed for PC threats, which dropped by almost 40%.

Advertisement software, used to show and redirect users to unwanted advertising pages, remains the most prominent mobile threat both in variety and in the number of attacked users. Out of the top 10 porn-related threats for mobile users in 2019, seven belonged to this class of threat.

| Malware name (2018) | % | Malware name (2019) | % |
|---|---|---|---|
| not-a-virus:HEUR:AdWare.AndroidOS.Agent.f | 39.23% | not-a-virus:HEUR:AdWare.AndroidOS.Agent.f | 35.18% |
| not-a-virus:UDS:AdWare.AndroidOS.Agent.f | 22.58% | not-a-virus:HEUR:AdWare.AndroidOS.HiddenAd.fc | 26.46% |
| UDS:DangerousObject.Multi.Generic | 21.30% | not-a-virus:UDS:AdWare.AndroidOS.Agent.f | 24.86% |
| not-a-virus:HEUR:AdWare.AndroidOS.Ewind.h | 8.40% | not-a-virus:UDS:AdWare.AndroidOS.HiddenAd.fc | 13.94% |
| not-a-virus:UDS:AdWare.AndroidOS.Ewind.h | 5.54% | HEUR:Trojan.AndroidOS.Hiddapp.cr | 11.60% |
| not-a-virus:HEUR:AdWare.AndroidOS.Agent.n | 5.27% | not-a-virus:HEUR:AdWare.AndroidOS.HiddenAd.et | 8.69% |
| not-a-virus:HEUR:AdWare.AndroidOS.Coee.a | 3.52% | not-a-virus:UDS:AdWare.AndroidOS.HiddenAd.et | 7.48% |
| HEUR:Trojan-SMS.AndroidOS.Opfake.bo | 2.97% | not-a-virus:UDS:AdWare.AndroidOS.MobiDash.ap | 6.75% |
| HEUR:Trojan.AndroidOS.Boogr.gsh | 2.96% | UDS:Trojan.AndroidOS.Hiddapp.cr | 6.29% |

Top-10 detection names that represent porn-related categories, by the number of targeted mobile users, in 2018 and 2019. Source: Kaspersky Security Network

Most users were targeted by the advertisement application detected as AdWare.AndroidOS.Agent.f, with 35.18% of mobile users targeted by it in 2019. This type of threat is typically distributed through various affiliate programs, whose purpose is to earn money per installation or to have the victim download malicious applications.

“As users are becoming more mobile, so are cybercriminals. We have seen that although PC malware distribution has been dropping, mobile malware is on the rise. While we have not witnessed many changes in the techniques used by cybercriminals, statistics show that this topic remains a steady source of threats and users need to be aware of that, taking steps to protect access to the valuable data they keep on their devices” – comments Dmitry Galov, security researcher at Kaspersky. “One cannot ignore how these attacks abuse user privacy as well – with data leaks and personal or private information being sold on the dark market for very small fees. Cybercriminals are now able to cross-reference various leaked databases of users, and hence make more informed decisions about the attacks, making them targeted rather than random, and hence, more effective. Users need to take more serious steps to protect themselves than ever through applying advanced security measures and educating themselves on handling their own data on the web and evaluating what risks their exposure entails”.

Other findings of the adult threat report include:

  • Cybercriminals endeavor to have more flexibility in choosing what kind of malware to distribute, with nearly two in five users attacked by porn-related PC threats being hit by Trojan-Downloaders (39.6%), which enable attackers to later install other types of malware.
  • There was a drop in porn-related PC-threats, falling from 135,780 to 106,928 attacked users in 2018 and 2019 respectively.
  • The number of users attacked by malware hunting for credentials that grant access to pornography websites has dropped, while the number of malware attacks continues to grow, increasing by 37% from 2018 to 2019 and reaching 1,169,153 attacks in 2019. This demonstrates the persistence of the botnets in attacking the same users, a picture radically different to 2018.
  • Privacy becomes an even bigger concern for users when it comes to adult content. From leaked personal images to stolen premium pornography site subscriptions, this information remains in high demand, with sex continuing to be a topic used by cybercriminals as an easy way to make money. On top of that, sextortion fraud is gaining momentum and is turning into a separate “industry”.

To stay safe from adult content threats, Kaspersky advises the following:

  • Pay attention to the website’s authenticity. Do not visit websites until you are sure that they are legitimate and start with ‘https’. Confirm that the website is genuine by double-checking the format of the URL or the spelling of the company name and try looking for reviews of sites that seem suspicious to you;
  • Patch the software on your PC as soon as security updates for the latest bugs are available;
  • Do not download pirated software or other illegal content, even if you were redirected to the webpage from a legitimate website;
  • Block the installation of programs from unknown sources in your smartphone’s settings and only install apps from official app stores;
  • Use a reliable security solution for comprehensive protection from a wide range of threats, such as Kaspersky Security Cloud.
