Google pulls games for kids and adults containing AdultSwine malware

Adjust Comment Print

Google Inc. has pulled around 60 games from the Play Store after learning that they were infected with malware that displayed pornographic ads.

The malware did this by contacting the developers' Command and Control server once the app was downloaded, sending data about the infected device and receiving instructions on what to do next.

Inducing users to register for premium services at the user's expense. While the AdultSwine malware games only seem to display ads they receive from the C&C, there could be other unknown intentions of the attacker that are now unknown, possibly, credential theft.

"Indeed, these plots continue to be effective even today, especially when they originate in apps downloaded from trusted sources such as Google Play", the publication wrote. To make themselves hard to remove, the infected apps had code to hide their icons. Check Point didn't explain how the malicious code found its way inside otherwise-innocuous apps, but it did demonstrate how the attack worked once the game was downloaded.

It might, for example, show an ad claiming "the user is entitled to win an iPhone by simply answering four short questions", Check Point explained. Other ads that play also try to trick the user into giving up their phone number by telling them they've won a prize. Google on Friday morning has disabled the developers' accounts and "will show strong warnings to anyone that has installed them".

Avengers Infinity War: Chris Hemsworth SPEAKS OUT on Thor 4 rumours
He said this after finishing his scenes with " Avengers 4 ", written and directed by the brothers Anthony and Joe Russo . Unstoppable Women: Hela & Valkyrie - Hela and Valkyrie's origins in the comics and their places in the MCU are explored.

The scareware "virus removal solution" was suspended from Google Play for using inappropriate marketing tactics to drive installs.

A complete list of the affected apps is available in Check Point's report. Duo users can now make calls to other users who do not have the app installed on their smartphones.

When the malicious code was installed on your phone, the code would execute when the device is unlocked.

"Should the user press the notification of "Remove Virus Now" he is redirected to an app in the Google Play Store with a somewhat questionable connection to virus removal", said the researchers in an analysis.

For more full details of the research, please visit our Research Blog.

Comments