A malware built to display porn ads within mobile apps, including a large number of children’s games, has been uncovered in Google Play.
Check Point researchers have found the new and nasty malicious code, dubbed AdultSwine, hiding in around 60 game apps. So far, they’ve been downloaded between 3 million and 7 million times.
AdultSwine does a range of things, starting with displaying ads from the web that are often highly inappropriate and pornographic. However, it also attempts to trick users into installing fake security apps and tries to dupe users to register and pay for premium services. It’s also built to be flexible, so its authors in the future could expand their sites to other malicious activities, such as credential theft.
The inappropriate ads being displayed come from two main sources, Check Point said: mainstream ad providers and the malicious code’s own ad library (where the porn ads stem from). All of these are displayed to children on a rotating basis while they play the infected games.
On the scareware front, AdultSwine displays an ad that claims the user’s device is infected by a virus.
“Should the user press the notification of ‘Remove Virus Now’ he is redirected to an app in the Google Play Store with a somewhat questionable connection to virus removal,” said the researchers in an analysis. “An experienced eye could easily foresee this tactic, though a child playing a game app is easy prey for such nefarious apps.”
When it comes to the fraudulent premium services, AdultSwine initially displays a pop-up ad saying that the user is entitled to win an iPhone by simply answering four short questions. If the user clicks through, the malicious code eventually asks him to enter his phone number to receive the “prize,” which, of course, is a ploy. The malware then uses the number to register for premium services.
“Although for now this malicious app seems to be a nasty nuisance, and most certainly damaging on both an emotional and financial level, it nevertheless also has a potentially much wider range of malicious activities that it can pursue, all relying on the same common concept,” Check Point warned. “Indeed, these plots continue to be effective even today, especially when they originate in apps downloaded from trusted sources such as Google Play.”
To avoid victimization, parents should examine the apps that their kids download and educate their children on fraud and how to spot it.