X

Google pulls kids games containing AdultSwine malware

A research firm found about 60 games, many aimed at children, that contained pornographic malware. Those games have now been kicked off Google Play.

Rochelle Garner Features Editor / News
Rochelle Garner is features editor for CNET News. A native of the mythical land known as Silicon Valley, she has written about the technology industry for more than 20 years. She has worked in an odd mix of publications -- from National Geographic magazine to MacWEEK and Bloomberg News.
Rochelle Garner
2 min read

Google removed roughly 60 apps that contained hidden pornographic malware from its Play Store after a security research company found the code. Many of the games were aimed at kids. 

Researchers at Check Point Software Technologies reported the malware on Friday. Dubbed AdultSwine, the malware displayed pornographic images that looked like ads but were designed to prompt users to download fake security software. The users were then encouraged to click on other links they would have to pay for.

Google moved immediately to kick the apps off of Google Play. 

"We've removed the apps from Play, disabled the developers' accounts, and will continue to show strong warnings to anyone that has installed them," Google said in an emailed statement. "We appreciate Check Point's work to help keep users safe." Google added that the issue doesn't exploit vulnerabilities in its Android security, and that users' devices weren't affected. 

screen-shot-2018-01-12-at-2-46-32-pm
Enlarge Image
screen-shot-2018-01-12-at-2-46-32-pm

Check Point's graphical description of AdultSwine at work. 

Screenshot by CNET

The affected apps have so far been downloaded between 3 million and 7 million times, the researchers said, citing Google Play data. 

Along with encouraging users to download scareware and pay for premium services, AdultSwine also stole credentials, according to Check Point. 

It did this by contacting the developers' Command and Control server once the app was downloaded, sending data about the infected device and receiving instructions on what to do next. The instructions include displaying the bogus ads, scaring users to install fake security apps and charging victims for services they didn't request or receive. 

It might, for example, show an ad saying "the user is entitled to win an iPhone by simply answering four short questions," Check Point explained. "Should the user answer them, the malicious code informs the user that he has been successful, and asks him to enter his phone number to receive the prize. Once entered, the malicious code then uses this number to register to premium services.

Affected apps include Five Nights Survival Craft, with between 1 million and 5 million downloads, and Mcqueen Car Racing Game, which has been downloaded at least 500,000 times. A full list of apps can be found here.