More than 300 malicious porn clicker Trojans have flooded Google Play over the last seven months, according to the antivirus company ESET. What the company calls “one of the largest malware campaigns” on Google Play has plagued the Android app store with hundreds of bogus apps mimicking popular apps and games.

“There have been many malware campaigns on Google Play, but none of the others have lasted so long or achieved such huge numbers of successful infiltrations,” says Lukáš Štefanko, ESET’s Android malware specialist.

When installed, the bogus app seems to do nothing, or at least an unsuspecting user would not know if it was doing anything at all. The app would download a list of porn websites, launch an instance of the browser in the background, and go wild clicking on the ads.

The reason? It’s to boost the ad revenue for the porn websites and chip a coin or two from the advertisers and ad companies. Can’t say I am sympathetic with the ad companies or advertisers working with the industry, but the users affected need to be warned.

According to ESET, about ten Trojan-infected bogus apps make their way to Google Play each week, bypassing the vetting process and human assessment. Even though Google has been informed and is actively working on putting a cap on the plague's propagation, the bad guys still have “the upper hand.” They seem to be well organized and savvy enough to keep modifying the malicious code and obscuring it from the Bouncer, Google’s app-checking algorithm. ESET estimates the malicious apps have been downloaded over 3600 times each. And there are 300+ apps!

Bogus Apps Look Legitimate

Clones and cheap replicas of Subway Surfers, GTA San Andreas, Toy Truck Rally, My Talking Tom, Facebook, Boom Beach, Pou, Clash of Clans, Hay Day, Minecraft Pocket Edition, Piano Tiles and Tinder are particularly successful, as users often skip reading comments and download the apps thinking they are legitimate. For the full list of bogus apps, go to the ESET blog.

Reckless Behavior Is A Part of The Problem

In fact, the security experts point out that poor user choices and reckless behavior are part of the reason the malware keeps propagating. Most of the bogus apps have poor ratings. Yes, they are mixed with excellent ratings, but many people take the time to leave a bad rating when they find faults with an app or game. The ESET specialist says that if the users took the time to read the reviews, they would not have downloaded the malicious apps in the first place.

Hence, apart from the cyber wars raging on the front lines of mobile, it’s the browsing and installing behavior and user choices that need fixing. People install antivirus and antispyware software on their desktops, and for some reason they think smartphones do not need the same treatment. Utterly wrong.

Your smartphone contains tons of your personal data – photos, backups, emails, financial information if you shop from your phone, your health information and exact location, your circles of friends, your social network accounts. Everything.

Hence, mobile is highly targeted. It’s always a good idea to read user comments, and take the time to leave a comment, bad or good, when you encounter problems with an app. An antivirus app does part of the job of eliminating the threat. So does Google’s own verification process. Remember that pop-up that suggests you should allow Google to verify apps when you install them from unknown sources? That will prevent a KNOWN malicious app from getting installed on your device. It recognizes the malware that has already been removed from Google Play and hence blacklisted.

The problem of undiscovered malware remains unsolved. Both Google and users need to adjust their practices to fight cyber crime. Porn clickers might sound relatively innocent, but if you are on a metered network, your bill might skyrocket. Additionally, there is no guarantee the malware won’t get an upgrade and encrypt your device for ransom. The possibilities are unlimited.

Steer Clear of Malware

These are the things you need to do to keep your device safe from porn clickers:

Always read user reviews, pay attention to negative ones. When in doubt, double-check.

Make sure the developer is authentic. You know Candy Crush Saga’s publisher is King, right? If you want to install a popular app and doubt if it’s malware or not, double-check the publishing company name.

Have an antivirus to check the apps as they get downloaded.

Have a firewall app installed. Block new apps, unless they need the connection to work properly. Think and apply common sense – if Tinder does need the connection, Subway Surfers surely can run offline. So, you can deny it the access to the Internet. Here is a roundup of Android firewall apps that can block your apps and games from accessing the Internet behind your back.

Do not install apps from unofficial app stores, especially pirated ones.

Go through the list of installed apps and uninstall the junk you are not using.

Pay attention if you suspect that some app is gobbling up your bandwidth – it might be the symptom of malware like the porn clicker.
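The publisher and review checks from the tips above can be automated. The sketch below is an added example, not code from ESET or from this article; the allowlist entries other than King, the `review_listing` helper and the sample listings are assumptions constructed for illustration.

```python
import difflib
import re

# Title -> publisher allowlist. "Candy Crush Saga"/"King" is the article's example;
# the other two entries are assumptions to verify against the store yourself.
KNOWN_PUBLISHERS = {
    "candy crush saga": "king",
    "clash of clans": "supercell",
    "minecraft pocket edition": "mojang",
}

def normalize(text):
    """Lowercase and drop punctuation so 'Clash of Clans!!' still matches."""
    return re.sub(r"[^a-z0-9 ]", "", text.lower()).strip()

def closest_known_title(title, cutoff=0.8):
    """Return the allowlisted title this listing contains or nearly spells, else None."""
    name = normalize(title)
    for known in KNOWN_PUBLISHERS:
        if known in name:
            return known
    match = difflib.get_close_matches(name, list(KNOWN_PUBLISHERS), n=1, cutoff=cutoff)
    return match[0] if match else None

def polarized(stars, share=0.3):
    """True when 1-star and 5-star votes each hold at least `share` of all votes."""
    total = sum(stars)
    return total > 0 and stars[0] / total >= share and stars[4] / total >= share

def review_listing(listing):
    """Return the warnings raised by one store listing (empty list = none)."""
    warnings = []
    known = closest_known_title(listing["title"])
    if known and normalize(listing["publisher"]) != KNOWN_PUBLISHERS[known]:
        warnings.append(f"looks like '{known}' but publisher is '{listing['publisher']}'")
    if polarized(listing["stars"]):
        warnings.append("ratings split between 1 and 5 stars")
    return warnings

# Constructed sample listings (not real store data); stars = counts for 1..5 stars.
SAMPLE = [
    {"title": "Candy Crush Saga", "publisher": "King", "stars": [50, 30, 60, 200, 900]},
    {"title": "Clash of Clans 2 Free", "publisher": "ExampleDev", "stars": [400, 20, 10, 30, 450]},
    {"title": "Minecraft Pocket Editon", "publisher": "ExampleDev2", "stars": [5, 1, 2, 3, 10]},
]

if __name__ == "__main__":
    for item in SAMPLE:
        print(item["title"], "->", review_listing(item) or "no warnings")
```

A warning is a prompt to double-check the listing by hand, not proof of malware: a genuine app can also draw split ratings.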

Stay safe and don’t underestimate the value of your personally identifiable information. Keep tabs open on PocketMeta for more security updates, apps and games reviews and awesome tips and tricks to boost your mobile productivity and fun.