Skip to Content
Security & privacy

Watch out! Clever spyware is spreading on porn sites

Most of the time, we warn you that it’s impossible to know where cybercriminals are going to strike, which is usually the case.

They deliver their scams in many ways. You might receive a phishing email that contains a malicious link, leading you to a nasty outcome. Maybe you’ll stumble across a malicious app or website that infects your gadget with malware or ransomware.

As I said, most of the time these attacks are unpredictable. However, it’s times like these when I just shake my head and think, yep you could have guessed this was coming. Of course, I’m talking about a new batch of clever spyware that is circulating on porn sites.

Malicious links being spread on social media

Researchers at Trend Micro have discovered a nasty version of spyware that is being distributed with the lure of adult games. The spyware, dubbed Maikspy, mainly targets Android and Windows users.

The spyware in question is named after former adult film actress Mia Khalifa. Scammers are tricking victims into clicking malicious links that supposedly lead to adult games like one called “Virtual Girlfriend.”

These malicious links are being circulated through social media sites like Twitter. When a victim clicks the link, they end up on a site that infects their gadget with malware. Instead of being able to download the app, they see an error message that claims to be uninstalling the game.

What’s actually happening is, spyware is installed and will run in the background of the victim’s gadget. Then, the scammer can spy on all text messages, see everyone in the victim’s contact lists, and make a record of every app installed on the device.

Image: Infection chain of Maikspy variant. (Source: Trend Micro)

According to Trend Micro, the malicious site is hxxp://miakhalifagame[.]com/. The site distributes malicious apps and connects to its C&C server to upload data from infected gadgets.

The researchers said, “The attackers behind Maikspy have changed domains and IP addresses over the years, but all were found hosted in a publicly traded internet domain registrar and web hosting company in the U.S. Downloading only from legitimate app stores like Google Play can prevent Maikspy from compromising computers and mobile devices.”

This just goes to show you that it’s not a good idea to download apps from third-party vendors. It’s much safer getting apps from official app stores like Google Play and Apple’s App Store.

Staying protected from malicious apps

In the never-ending battle against scammers, Google is asking Android users to follow these steps:

Google Play Protect

One way to stay protected is to opt into Google Play Protect. It is designed to work in the background, protecting users from malicious apps in real time. Click here to learn more about it and how to opt in.

Avoid third-party apps

Only download apps from the Google Play Store. Even though some malicious apps make it into the Play Store, it does have a more thorough screening process. This cuts down on the chances a malicious app makes it in. Third-party app stores don’t have these screening processes.

Keep unknown sources disabled

According to Android, it protects users from inadvertently downloading or installing “unknown apps,” or apps from sources other than Google Play. Android blocks such installs until the user opts into allowing the installation of apps from other sources. It’s disabled by default and we recommend keeping it this way.

Make sure your operating system is up to date

Make sure your gadget is updated with the most recent Android security update. You’ll get these security updates in regular operating system updates. It’s a great way to patch vulnerabilities.

Check the app’s developer

Verifying the name of the app developer is important. Copycat apps will have a different developer’s name than the actual one. Before downloading an app, do a Google search to find the original developer.

Pay attention to reviews

Most popular apps will have reviews by other users in the app store. You can sometimes find reviews by experts online. These are helpful at pointing out malicious or faulty apps. If you find a review warning the app is malicious, do NOT download it.

If you do think that your Android device has been infected with a virus, don’t worry, we’ve got you covered. Click here to find out how to detect and remove a virus on your Android gadget.

Speaking of security, watch out for these malicious apps in the Google Play Store

Although extra screening in official app stores cuts down on the chances a malicious app makes it in, it doesn’t always work. Sometimes a sneaky developer finds a way to trick these systems into accepting a questionable app. That’s happening right now.

Click here to see how these malicious apps are sneaking into Google Play and what you can do to stay protected.

cryptocurrency e-book hero

New eBook: ‘Cryptocurrency 101’

Don't want to lose your dough to crypto? Check out my new eBook, "Cryptocurrency 101." I walk you through buying, selling, mining and more!

Check it out