Fake Dubsmash App Delivered Porn to Hundreds of Thousands of Android Users

By Gary Cutlack on at

An app going by the name of Dubsmash 2 managed to work its way up to well over 100,000 downloads on Google's Play store before being pulled -- because it was nothing more than a porn site loader disguised as a popular new thing.

Comments beneath the now deleted listing, captured by malware specialist Avast, show users baffled as to where to find it once installed, because the only evidence it left was an "Settings IS" icon in the app listing that used a similar look to Google's official settings button. Should a curious user click on this to see what it is one bored evening, the malicious app would spring into life, scheduling a task to run every 60 seconds that downloads a link of porn sites and randomly pops one up in the browser.

A second service checked the user's IP address for changes and popped up a YouTube video when it found a change, which must've infuriated users. Perhaps a welcome innovation for some, but overall quite a bad thing that's likely to lead to some red faces through embarrassment rather than frenzied appreciation of said pictures.

The reason for it all? For the developer to make money from advert clicks. You wouldn't think Google would have much of a problem with that, seeing as it's the entire reason  it exists. [Avast via Cult of Android]