While some cyber criminals are extraordinary sophisticated, and even work in multi-national groups to orchestrate elaborate breaches, most of them are simply preying upon human habits in an effort to steal data like payment card information or Social Security numbers. More often than not, the ploys they use to get this data aim to trick victims into willingly downloading and installing malware, or relinquishing login credentials on fake Web pages. And sometimes, the human habits they choose to exploit aren’t the most wholesome ones.

Using porn as a malware delivery mechanism

It’s no secret that hackers love to sully Internet pornography Web pages with their instruments of cyber crime. While some of these tactics can be spotted a mile away, others are far more deceptive. One such example is the resurgence of the Marcher Trojan. According to Trend Micro, the bug – which is believed to have been around for about three years or so – is now targeting Android users, and more specifically, Android users who watch Internet pornography.

Upon visiting certain porn sites, an Android user might receive a prompt to download Adobe Flash. The installer, however, is actually malware that is meant to create a fake version of Google Play’s payment page. The goal is to trick users into entering payment information under the impression that they’re on the actual Google Play store. Alternatively, the exploit might also display a fake online banking or PayPal page to the same end.

Trend Micro noted that this is hardly the first time hackers have used porn to go after Android users. Last year in South Korea, the Yanbian Gang used fake ads marketing explicit Web material as a way to attack millions of mobile banking users. It’s worth noting that this will hardly be the last time.

The bigger picture: What does this say about Android cybersecurity?

Using explicit Web content as a vessel for cyber crime is hardly unique to the Android OS. However, it’s worth noting that Android Marcher Trojan is one among a long list of cyber threats that have plagued users of the OS in the past few years. In fact, according to Trend Micro research, the amount of Android malware doubled in 2015. While iOS and other mobile operating systems have also been impacted by malware in the past year or so, Android still seems to bear the brunt of mobile cyber attacks. Why is this the case?

One of the main reasons is that there are so many third-party apps stored for Android, many of which can easily be tricked into offering illegitimate applications that are preloaded with malware. Another important factor is that as of 2015, Android controlled about 79 percent of the smartphone market share, according to Forbes. In that sense, it’s purely a numbers game for cyber criminals.

On the surface, none of this information may come as a comfort to Android users, but it should, and here’s why: Because unauthorized third-party app stores, many of which originate in foreign countries, are the main sources of mobile malware, the easiest way to secure an Android device is by sticking to the real Google Play.

As for the recent incident involving Marcher Trojan, avoiding third-party app stored wouldn’t have done much to help a victim. However, Trend Micro noted that there is a quick fix to getting rid of the malware. Simply go to “Settings>Security>Device Administration,” and if an app called Device Admin is running, deactivate it.

It’s not an easy time to be an Android user, but with a combination of vigilance and robust endpoint cyber security, Android users can be better prepared to take on the cyber-threat landscape.