The researchers from security firm Check Point reported a new Android threat, dubbed AdultSwine, which disguises as Android games. The malware is capable of displaying pornographic ads to the users. Stories about malware apps living in Google Play aren’t new, but the reason why this is concerning is that the primary target of these gaming apps are mostly kids.
Google quickly removed 60 malware apps after the CheckPoint informed them about the Android malware which can also trick users into installing fake security apps and subscribe to premium services at users’ expense.
According to the researcher’s blog post, after an infected app installs on the target device, it waits for the user to unlock their device so it can begin its work. The app contacts its C&C to send an acknowledgment about successful installation and details about the target device.
The server then instructs the app to hide its icon to prevent deletion and tells which ads to display over which apps. The researchers noted that the malicious app prefers not to show ads in browsers and social networking apps to avoid suspicion.
The ads are displayed from the malware’s own ad library and from advertisement providers which forbid such illegitimate display of their ads. While the AdultSwine malware games only seem to display ads they receive from the C&C, there could be other unknown intentions of the attacker that are currently unknown, possibly, credential theft.
“Although for now, this malicious app seems to be a nasty nuisance, and most certainly damaging on both an emotional and financial level, it nevertheless also has a potentially much wider range of malicious activities that it can pursue, all relying on the same common concept,” the researchers wrote.
The respective pages of the malicious apps on Google Play already had negative user reviews warning other users about the display of inappropriate content in advertisements. According to Google’s data, these Android games have a combined download count between 3 million and 7 million.
The most downloaded malicious Android games include Five Nights Survival Craft, Mcqueen Car Racing Game, Addon Pixelmon for MCPE, CoolCraft PE, and Exploration Pro WorldCraft. You can check out the complete list here.