Google removed a series of game apps from the Google Play Store after Check Point Researchers discovered malicious code that hides itself inside about 60 game apps, several of which are intended to be used by children.
Citing Google Play data, researchers at Check Point report that the apps have been downloaded between 3 million and 7 million times. Many of the apps are intended to be used by children, with ads that are displayed to them while they are playing the game on the app.
The malware, called AdultSwine, displays highly inappropriate and pornographic ads from the web, attempts to trick users into installing fake security apps, or encourages users to register for premium services at their expense. The code also can use "its infrastructure" for other purposes, such as the theft of log-in credential.
The server also prevents ads from serving up in certain apps like browsers and in social networks to avoid suspicion. The list of apps include Five Nights Survival Craft and San Andreas City Craft, among many others.
To serve inappropriate ads, the malicious code verifies conditions on the device and then displays the illegitimate ads outside of the app’s context. If it is embedded inside a web browser app, the ads will serve up inside that browser. If not, they will be displayed inside a designated web view, Check Point analysts explain.
The advertisements are served from the main ad providers and the malicious code’s own ad library, which contains offensive and pornographic ads.