CNET también está disponible en español.

Ir a español

Don't show this again

Security

Here’s why you should avoid porn on Android phones

Researchers at Kaspersky Lab find that a quarter of Android malware used porn as the bait.

Revenge porn laws

If you're gonna look at porn on your Android devices, you'll likely run into malware.

PA Images via Getty Images

If you own an Android device, think twice before you look at porn. 

Kaspersky Lab, a Russian cybersecurity company, found that at least 1.2 million people came across porn-disguised malware on Google's Android operating system last year, according to a report released Wednesday. That's about a quarter of the 4.9 million people who encountered malware on Android devices last year, the company said.

Using porn to entice unsuspecting victims to click on malware is a pretty common trick. A hacking gang used fake porn apps to rob more than a million Android phones of $892,000 in 2017, and a network of 90,000 bots spammed Twitter with porn that led to a scam website. Kaspersky Lab researchers said they'd seen porn used as malware bait "almost from the first day of adult online content."

On desktops, Kaspersky researchers found porn-related malware more than 300,000 times, but that pales in comparison to how much they discovered on mobile devices. The team found 23 different types of malware designed for Android devices, all relying heavily on porn as a lure. They included ransomware, Trojans that went after your bank account and fake subscriptions.

Google declined to comment on the research. Kaspersky Lab's findings didn't involve devices that run Apple's iOS software.

The majority of the problem malware was "clicker" Trojans that open up pages and click on advertisements without the victim knowing. This would earn the attacker money for clicked ads, drain battery life from the victim's phone and rack up data usage. In one case, a malware app used up more than 100MB of data on just ads alone in one night.

Kaspersky Lab said it's spotted several cases where clicker Trojans had been downloaded from porn websites, but also found it in fake apps and video players.

Most ransomware comes in as fake porn apps, and changes the password on your device unless you pay up.

"The scariest thing about mobile ransomware is that these Trojans change (or set) the device PIN code to random, so even if the user can delete the Trojan, the phone will remain locked," Kaspersky Team said in its blog post.

Apps with adult content aren't allowed in the Google Play store, with the tech giant announcing on Tuesday that it deleted 700,000 apps that violated its policy in 2017. Kaspersky said that many of these malicious apps can come from third-party stores, and recommends sticking to official sources like Google's app store.

The security company also recommended only using trusted pages for adult content. 

The Smartest Stuff: Innovators are thinking up new ways to make you, and the things around you, smarter.

CNET Magazine: Check out a sample of the stories in CNET's newsstand edition.