Google removes 60 apps packing the "AdultSwine" malware. Sixty games were booted off the Play Store after security firm Check Point discovered that they contained pornographic ads and malicious components. Before their removal, the games were downloaded between 3 million and 7 million times, according to the download metrics on the Play Store. The malware is dubbed "AdultSwine," and according to Check Point Research, it had three main features: The 60 listings in the Play Store were generally knockoff games, like "Five Nights Survival Craft." In some cases, the creator simply stole a real IP, as in "Drawing Lessons Angry Birds. " Once installed, the app would phone home, sending information about the user's phone and receiving instructions on how to operate. The app could hide its icon, making removal more difficult. Check Point says the malware could display ads from "the main ad providers" or switch to its own ad server, which provided porn ads, scareware ads, and ads that tricked the user into signing up for premium services. AdultSwine not only displayed ads while users played the game that came with the malware; it could also show pop-up ads on top of other apps. Google removed the apps once it was notified of them, telling the Financial Times, Weve removed the apps from Play, disabled the developers accounts, and will continue to show strong warnings to anyone that has installed them. We appreciate Check Points work to help keep users safe. Google does automated malware scanning of apps submitted to the Play Store, leading to a continual cat-and-mouse game of malicious developers working to beat the filters in various ways.
Google has deleted 60 games from its Play Store after security firm Check Point uncovered a malicious bug that displayed porn ads in game apps, many of which are aimed at children. Some of the apps include those that have been downloaded over 1 million times, like Five Nights Survival Craft and McQueen Car Racing Game, which is based on the Disney Pixar character from the film Cars. The malicious app is named Adult Swine, and Check Point says the bug displays inappropriate and pornographic ads, attempts to trick users into installing fake security apps, and tries to get users to sign up to premium services that charge the users account. A Google spokesperson told the Financial Times, Weve removed the apps from Play, disabled the developers accounts, and will continue to show strong warnings to anyone that has installed them. We appreciate Check Points work to help keep users safe. When the malicious code is installed onto your phone, it waits for the user to unlock the device to start the malicious activity. Users have left reviews on the Google Play Store for some of the apps, with one saying, Dont install for your kids. I did and my son opened it and a bunch off thilthy [ sic] hardcore porn pictures popped up. Check Point notes that the bugs configurations also allow it to hide its icon to hinder potential removal. Some of the apps also display fake notices showing the phone has been infected by a virus and provides a malicious link to a fake virus cleaner. Other ads that play also try to trick the user into giving up their phone number by telling them theyve won a prize. The phone number is then used to register for premium services. Google does have a safety feature called Google Play Protect, which checks apps when you download them and periodically scans your device for harmful apps to remove them. In a statement sent to The Verge, Google pointed out that it also has a Family collection on the Play Store to help parents find age-appropriate content and Family Link, a program for family safety that manages which apps children can use. Google also notes that it manually reviews ads and has strict category blocks to ensure children have a safe experience. The apps affected arent part of the family program. Check Point has a list of the affected apps in its research post. Update 12/01/2017 12:55pm ET: Updated with additional comment from Google.