News has emerged about a type of malware that serves pornographic adverts within Android game apps. Since it was discovered, around 60 apps have been removed from the Google Play store because of the erotic malware. Parents are being advised that apps containing the nefarious adware have been downloaded between 3 million and 7 million times. This means children might currently be exposed to indecent images by those in-game advertisements.
The malware has been given the name AdultSwine by the cybersecurity researchers at Check Point who discovered it. According to those security researchers, the majority of the 60 apps containing AdultSwine were knock-off type games such as "Five Nights Survival Craft" and "Drawing Lessons Angry Birds."
According to those experts, the malware is designed to send details about the device it is installed on back to a command and control (C&C) server. The C&C server also updates the malware with additional malicious code. This includes making the app hide its icon to make it more difficult to remove. From the Check Point blog:
“First, the malicious code contacts its Command and Control server (C&C) to report the successful installation, sends data about the infected device and then receives the configurations, which determine its course of operation. These configurations instruct it on whether to hide its icon (to encumber removal), which ads to display, over which apps and on what terms.”
Check Point then goes on to explain that the app is sneaky enough to ensure that pornographic adverts are not served in certain applications such as social networks and browsers “in order to avoid suspicion.”
The unwanted adverts are served via an ad library controlled by the cybercriminals, many of which contain content of an “offensive nature” including pornographic adverts. The offending adverts then appear at times when usually age-conscious adverts would be promoted, resulting in young children being exposed to the shocking material.
Affected users have been warning fellow parental guardians not to download the affected apps via the Google Play store. One user wrote:
“Don’t install for your kids. I did and my son opened it and a bunch off thilthy [sic] hardcore porn pictures popped up.”
Google has acted quickly to remove the offending apps from the app store. A Google spokesperson has made the following statement:
“We’ve removed the apps from Play, disabled the developers’ accounts, and will continue to show strong warnings to anyone that has installed them. We appreciate Check Point’s work to help keep users safe.”
As if serving pornographic content wasn’t enough: the malicious apps also attempt to trick the user into downloading infected “security” apps. Presumably praying on children’s concerns that they may get into trouble with their parents for accidentally having become infected with a virus that is serving them pornography.
Check Point explains that the infected app displays a message stating that the device has been infected with a virus. If the user presses the “Remove Virus Now” notification he or she is redirected to another malicious app (a fake virus cleaner) in the Google Play store.
“An experienced eye could easily foresee this tactic, though a child playing a game app is easy prey for such nefarious apps.”
Other malicious adverts attempt to make the device owner part with their phone number. The evil malware does this by tricking the user into thinking they have won an iPhone. According to the security experts, the phone numbers are then used to register for premium services.
Image is taken from Check Point Blog. Left image: Scareware Ad Displayed
Centre image: The redirect ‘anti-virus’ app in Google Play.
Right image: User reviews in Google Play
For parents who are concerned that their child may have already installed an infected app, the advice is to take a close look at all the apps that are installed on their kid’s devices. An honest conversation asking their child if they have seen any disturbing imagery is also advised. Gentle reinforcement that it isn’t their fault and that they won’t get in trouble if they have seen anything untoward is recommended. Finally, parents who are worried about their child’s online digital security are advised to check out my recent article here.
Here is a list of games that are known to contain AdultSwine:
- Five Nights Survival Craft
- Mcqueen Car Racing Game
- Addon Pixelmon for MCPE
- CoolCraft PE
- Exploration Pro WorldCraft
- Draw Kawaii
- San Andreas City Craft
- Subway Banana Run Surf
- Exploration Lite : Wintercraft
- Addon GTA for Minecraft PE
- Addon Sponge Bob for MCPE
- Drawing Lessons Angry Birds
- Temple Crash Jungle Bandicoot
- Drawing Lessons Lego Star Wars
- Drawing Lessons Chibi
- Girls Exploration Lite
- Drawing Lessons Subway Surfers
- Paw Puppy Run Subway Surf
- Flash Slither Skin IO
- Invisible Slither Skin IO
- Drawing Lessons Lego Ninjago
- Drawing Lessons Lego Chima
- Temple Bandicoot Jungle Run
- Blockcraft 3D
- Jungle Survival Craft 1.0
- Easy Draw Octonauts
- Halloween skins for minecraft
- Skins youtubers mineworld
- Draw X-Men
- Movies skins for Minecraft
- Virtual Family – Baby Craft
- Mine Craft Slither Skin IO
- Guide Clash IO
- Invisible Skin for Slither IO app
- Zombie Island Craft Survival
- Halloween Make Up
- Jurassic Survival Craft Game
- Players Unknown Battle Ground
- Subway Bendy Ink Machine Game
- Shin Hero Boy Adventure Game
- Temple Runner Castle Rush
- Dragon Shell for Super Slither
- Flash Skin for Slither IO app
- Anime Pictures
- Pixel Survival – Zombie Apocalypse
- Fire Skin for Slither IO app
- San Andreas Gangster Crime
- fidget spinner for Minecraft
- Stickman Fighter 2018
- Subway Run Surf
- Guide Vikings Hunters
- Woody Pecker
- Pack of Super Skins for Slither
- Spinner Toy for Slither
- How to Draw Coco and The Land of the Dead
- How to Draw Dangerous Snakes and Lizards Species
- How to Draw Real Monster Trucks and Cars
- How to Draw Animal World of The Nut Job 2
- How to Draw Batman Legends in Lego Style
Opinions are the writer's own.
Title image credit: NadyaEugene
Image credits: Carmen Murillo/Shutterstock.com, images taken from Google Play store and Check Point blog.