Security researchers on Friday disclosed the existence of malicious code buried inside dozens of apps that displayed pornographic images to users. Many of the apps are games reportedly geared toward young children.




Google moved quickly on Friday to remove the roughly 60 apps said to be affected from its Play Store. The malware was first reported by the cyberthreat intelligence firm Check Point.

“We’ve removed the apps from Play, disabled the developers’ accounts, and will continue to show strong warnings to anyone that has installed them,” a Google spokesperson said. “We appreciate Check Point’s work to help keep users safe.”


Example of fake ad propagated by the AdultSwine bug. (Check Point)

Although they appeared to be, the pornographic images displayed were not actually Google ads. Google supposedly maintains tight controls on all ads that appear in what it calls “Designed for Family” apps. The company also maintains a whitelist of advertisers deemed safe for children under the age of 13.

None of the affected apps were part of Google’s “Family Link” program, which is the category of recognized kid-friendly apps available across Google’s platforms.

The malware, dubbed AdultSwine, is said to have displayed the highly inappropriate images while also attempting to trick users into installing a fake security app, or “scareware.” After the fake “ads” were delivered, users would’ve received a “Remove Virus Now” notification, or something similar, designed to provoke them into downloading the scareware.


“An experienced eye could easily foresee this tactic, though a child playing a game app is easy prey for such nefarious apps,” the researchers said.

In some cases, the malware would also prompt users to register for premium services—meaning charges would be applied. It might, for example, tell users they could win a “free iPhone” by answering a few questions before prompting them to enter a phone number.




According to Check Point, the AdultSwine malware was also capable of vacuuming up login credentials, which would’ve been transferred back to a server under the malicious hackers’ control.



The affected gaming apps included at least one which may have had up to 5,000,000 downloads—Five Nights Survival Craft—as well as many others which had between 50,000 and 500,000 downloads.




A complete list of the affected apps is available in Check Point’s report.

