Malware Displaying Sexually Graphic Ads Discovered in Game Apps on Google Play

In the past, cyber-criminals have targeted businesses, hospitals, and governments; today, we’ve seen them begin to target innocent children says Check Point Software Technologies, an internet security supplier, as it presents its research.

Check Point Researchers have revealed a new and nasty malicious code on Google Play Store that hides itself inside almost 70 children’s’ game apps. According to Google Play's data, the apps have so far been downloaded between 3 million and 11.5 million times.

Dubbed ‘AdultSwine’, these malicious apps wreak havoc in three ways:

1. Displaying ads, often highly inappropriate and pornographic.

2. Scaring users into installing fake ‘security apps’.

3. Duping the user into allowing the app to send premium SMS messages at the user’s expense.

In addition, the malicious code can move laterally within the infrastructure of the phone, opening the door for other attacks such as user credential theft.

How it works

Once the infected app is installed on the device, it waits for a boot to occur or for a user to unlock their screen in order to initiate the attack. The attacker then selects which of the above three actions to take and then display on the device owner’s screen.

Inappropriate and Pornographic Ads

The most shocking element of this malware is that it causes pornographic ads (from the attacker’s ad library) to pop up without warning on the screen over the legitimate children’s game app.

Scareware

Another course of action the malware pursues is scaring users into installing unnecessary and harmful “security” apps.

First, the malware displays a misleading ad claiming a virus has infected the user’s device.

Upon selecting the ‘Remove Virus Now’ call to action, the user is directed to another app in the Google Play Store posing as a virus removal solution.

The “virus removal solution” is anything but – it’s another malware.

Sending Premium SMSs

AdultSwine’s third malicious activity is charging the victim's account for fraudulent premium services they did not request.

In a similar way to the scareware tactic, the malware initially displays a pop-up ad, claiming the user just won an iPhone and that their phone number is needed to collect the prize. If the user sends their phone number, the malware sends premium SMS messages, charging the user’s mobile bill.

Takeaways

‘AdultSwine’ is a malware able to cause emotional and financial distress. It also has a much wider range of malicious activities it could potentially pursue.

Due to the pervasive use of mobile apps, ‘AdultSwine’ and other similar malware will likely be continually repeated and imitated by hackers preying on unsuspecting users, including children.

Effective protection from attack by these malware, requires users to install advanced mobile threat defense solutions on all mobile devices.