Games with pornographic ads sneak into the Play Store, get 3 million downloads

Google removes 60 apps packing the “AdultSwine” malware.

The malware is dubbed “AdultSwine,” and according to Check Point Research, it had three main features:

The 60 listings in the Play Store were generally knockoff games, like “Five Nights Survival Craft.” In some cases, the creator simply stole a real IP, as in “Drawing Lessons Angry Birds.” Once installed, the app would phone home, sending information about the user’s phone and receiving instructions on how to operate. The app could hide its icon, making removal more difficult. Check Point says the malware could display ads from “the main ad providers” or switch to its own ad server, which provided porn ads, scareware ads, and ads that tricked the user into signing up for premium services. AdultSwine not only displayed ads while users played the game that came with the malware; it could also show pop-up ads on top of other apps.

Google removed the apps once it was notified of them, telling the Financial Times, “We’ve removed the apps from Play, disabled the developers’ accounts, and will continue to show strong warnings to anyone that has installed them. We appreciate Check Point’s work to help keep users safe.” Google does automated malware scanning of apps submitted to the Play Store, leading to a continual cat-and-mouse game of malicious developers working to beat the filters in various ways.