Pornographic malware found in Android apps for kids

Yolanda Curtis
January 13, 2018

The apps could be found in the Google Play store, and some of them were games geared toward children.

Android smartphone users are regularly advised to download apps only from official sources such as Google Play to avoid malware, but security researchers have again found malicious apps in the store.

The malware also sought to trick users into installing fake security apps, and it could open the door for other attacks such as theft of user credentials, Check Point said.

In a statement to the Financial Times, a Google spokesperson said "We've removed the apps from Play, disabled the developers' accounts, and will continue to show strong warnings to anyone that has installed them".

In some cases, the malware would also prompt users to register for premium services - meaning charges would be applied.

The company clarified that the inappropriate ads within the apps were not Google ads. Therefore, Play Services is a key core component to Google's premium user experience.

Google has made a very new and significant change to its Duo app. Numerous apps are games reportedly geared toward young children. "An experienced eye could easily foresee this tactic, though a child playing a game app is easy prey for such nefarious apps". "Should the user answer them, the malicious code informs the user that he has been successful, and asks him to enter his phone number to receive the prize". Check Point has a full list of the names to 63 malicious apps here.

The code could even do more damage, as Check Point noted that AdultSwine "also has a potentially much wider range of malicious activities that it can pursue, all relying on the same common concept". Some of the removed games have been downloaded over 1 million times, like Five Nights Survival Craft and McQueen Car Racing Game, based on the Disney Pixar character from the film Cars.

"Due to the pervasive use of mobile apps, AdultSwine and other similar malicious apps are likely to be continually repeated and imitated by hackers", the researchers said in a blog post.

Other reports by iNewsToday