Malicious adult dating apps that continue to increase on Google Play

　McAfee Mobile Research has monitored the trends of one -click fraud apps on Google Play aimed at Japanese users from April to today.In May, the release of a new app was temporarily suspended, but as of today, the uploading of fraudulent apps has been continued.We have confirmed a total of about 600 one -click fraud apps from early April to today.

　On the other hand, we have also confirmed that the number of well -known frauds -adult dating sites fraud is increasing on Google Play.These malicious dating apps have been released on Google Play for some time, but since May, multiple apps have been uploaded every day.As of today, more than 400 malicious dating apps have been released, of which about 130 are still on Google Play.The total number of downloads of these existing apps is 90,000-310,000 times, and it is thought that if you include downloading the already deleted apps, it will be more.

Example of malicious adult dating apps

　In Japan, such malicious dating services have existed for over 10 years.Many of them use "Sakura" to keep paying users on service fees to contact someone who can never meet, or make fictitious requests for paid services that are not used.In particular, after the environment for accessing the Internet, sending emails and writing on an online bulletin board using mobile phones, is often exposed to these frauds on mobile terminals.In many cases, users have been guided to these malicious sites with links on spam mail, website, and search engines, but recently new routes such as SNS and free messaging tools have been used.。

　And the attackers have also used mobile applications as a new route to malicious dating sites.In particular, attackers are aiming for more fraudulent targets by publishing fraudulent apps on Google Play, the most famous Android application store.

　Most of these applications simply implement the existing malicious dating website with the WebView component on the application, or launch a device web browser to display those sites.is.This makes it possible for attackers to develop and disclose fraudulent apps more easily, quick and large.

Web page displayed when a malicious dating app starts

　We have confirmed that the developers of a series of one -click fraud apps described above are developing and publishing malicious dating apps.It is not clear whether this developer himself operates a malicious dating site, but I think it is related to somehow, such as obtaining affiliate rewards from service operators.

Example of malicious dating apps published by one -click fraud app developers

　We have also confirmed that a large number of malicious dating apps are probably released by another developer.These apps are simply displayed as a collection of dating sites, which are simply displayed as malicious dating websites, ads such as advertisements to malicious sites, and as a collection of dating sites.There are various other dating sites that include malicious sites, implemented as a summary application on a certain famous online bulletin board, and guide readers to malicious sites by fake article threads.

Examples of malicious dating site induction app published by another developer

An artificial dating site that pretends to be an article summary site on a famous bulletin board.Induction app In addition to actual articles, we intentionally insert guidance articles to malicious sites

Article Summary If you follow the article link on the site, you will be guided to a malicious dating site

　In addition, many of these malicious dating sites (LP) imitates the Google Play application explanation page, and these dating services are as if they were recognized by the official application store.There is a work such as reassuring and leading to registration.

Landing page of malicious dating site imitating Google Play

　These apps themselves do not collect personal information or send spam mail or SMS.These simply guide users to a malicious dating site on the web.After being guided to these malicious dating sites, you will be registered in the service on your own, but in most cases you will be required to enter the mail address of the mobile terminal, in some cases, the telephone number.You may be required.

　As soon as you register for the service, you will receive an email from the opposite sex user (or the site operator itself) suspected to be Sakura.Immediately after registering the service, you can browse or reply for free, but the free period is suddenly ended when you promise to meet, and you will be required to pay for the following contact.In addition, he will be elected as a premium member, will receive a notification that the service will be used forever in the future, and to encourage the minimum initial registration fee to be paid to obtain the privilege, and to transfer expensive cash.In some cases, you will receive an email and encourage registration of a regular paid member to contact for transfer procedures.

　One of the characteristics of these malicious dating sites is that a large amount of spam emails are received by automatically registering a potato ceremony on a partner site other than registered services.In some cases, the number is 2-3 cases per minute, and you may end up receiving more than 1,000 cases a day.

　Users can avoid the risk of fraudulent damage by not registering for these services, and by not sending and receiving emails or interacting with operators even if they are registered.It is considered that the fact that the scam victims due to dating are not ended is due to the clever tricks of professional fraud groups.Therefore, we believe it is important to prevent users from being guided to these services.

　McAfee Mobile Security detects these malicious dating apps as Android/Deaifraud to protect users from traditional fraud in Japan.Also, by registering the URLs of these malicious dating sites in our web reputation database, we block access via the web browser.

* This article is a recaptured part of the editorial department from the blog operated by Mcafee in the editorial department.