Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Threat Management, Threat Management, Malware, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

AdultSwine malware helps porn ads and scams invade children’s apps

Cybercriminals have been spiking game apps, including several aimed at children, with malware that displays pornographic ads, pushes fake security apps, and registers users for premium services with permission.

The malware, dubbed AdultSwine, was recently found in approximately 60 apps that collectively were downloaded from Google Play between 3 million and 7 million times, according to a Jan. 12 blog post from Check Point Software Technologies that was accompanied by a more in-depth research document.

Upon disclosure of this discovery, Google... removed the apps from Play, disabled the developers' accounts, and will continue to show strong warnings to anyone that has installed them," a Google spokesperson told SC Media. (Very similar language appears in Check Point's blog post. Also, the children's apps that were infected with malware were not part of Google's official "Designed for Families Program" collection of kid-friendly app content.)

Following installation, AdultSwine swine sends its command-and-control server the infected device's information, which is used to determine which specific course of action to take, and whether or not to hide the app's icon in order to hinder removal. Based on reported device configurations, the malware moves forward with one of three distinct possibilities:

  • Unsolicited and in some cases offensive advertisements will pop up over the device's screen, outside of the downloaded app's context. These ads are sourced from either legit ad providers who do not permit distribution of their content in this fashion, or from the malicious code's own pornographic ad library.
  • AdultSwine employs scareware tactics, falsely reporting an infection in hopes of tricking users into downloading a bogus a virus removal solution.
  • The malware displays a pop-up ad that fraudulently claims users can win an iPhone by responding to four questions. After users submit their answers, they are asks to submit their phone number, which is used to sign up them for premium services without permission.

"Although for now this malicious app seems to be a nasty nuisance, and most certainly damaging on both an emotional and financial level, it nevertheless also has a potentially much wider range of malicious activities that it can pursue, all relying on the same common concept," state the Check Point researchers, warning that at some point the malicious code could "use its infrastructure to broaden its goals to other purposes, such as credential theft."

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.