Google has removed around 60 apps infected with AdultSwine malware from its Play Store.
Security researchers at Check Point Software Technologies have uncovered malicious code within approximately 60 apps geared towards children on the Google Play Store.
Check Point wrote that, according to Google Play’s data, the apps have been downloaded between 3m and 7m times.
Malicious code in apps for children
The malicious code has been dubbed ‘AdultSwine’ by researchers as it displays web advertisements that are often pornographic or inappropriate.
It also attempts to con users into installing fake ‘security apps’ and forcing them to register for premium services at the expense of the user.
The infected app waits for a boot to occur, or a user to unlock the screen, to initiate the attack. The attacker then chooses which action to take from those mentioned above and displays it on the owner’s device.
Users will then see pornographic adverts, an alert to install a false security app, or a pop-up ad asking the user for a phone number to win an iPhone. If the user falls for the competition ruse, they are then signed up to premium services without their knowledge.
AdultSwine has the potential to open the door to other attacks, such as theft of login credentials.
Check Point said: “The malicious code simply receives a target link from its command and control server, and displays it to the user.
“While in some cases, this link is merely an advertisement, it could also lead to whatever social engineering scheme the hacker has in mind.”
Google comes down hard
Google said it has removed all compromised apps from its store. Infected apps included the popular Pocket edition of Minecraft as well as Disney-themed applications.
Check Point researchers noted the potential for emotional and financial distress due to AdultSwine, and said this form of product targeting for children will become more prominent.
They advised parents to only install products with the ‘Designed for Families’ mark on Google Play.
Google said that strong warnings will continue to be displayed on any device with the corrupt apps installed.