A group of researchers from Check Point Software Technologies have discovered malware in about 60 apps on the Google Play Store. Many of these apps are games (mostly popular with children), some of which have been downloaded millions of times.
This malware is called AdultSwine and it affects your smartphones in three major ways. The first is via advertisements. When you have one of these affected applications installed, the malicious code reports to its command and control server to report a successful installation.
Once that’s done, it’ll send your device’s data to the server so that it can determine how to display these illegitimate/unwanted ads. The malware even forbids ads to be displayed in popular social media apps and browsers to avoid suspicion. It can also hide its icon so it’s harder for you to get rid of the affected app.
These ads can range from the malicious app’s main providers or even pornographic advertisements which can be pretty harmful especially when these apps are so popular with children.
Here’s an example of some of these ads:
Next, the malware will attempt to deceive you into installing fake antivirus applications, otherwise known as scareware. According to Check Point, the malicious application will display an ad that claims that your device is infected with a virus, prompting you to download “a somewhat questionable virus removal tool” (probably more malware).
You’d think that anyone with experience wouldn’t fall for that, but again you should keep in mind that these malicious apps are designed to target children who have far less experience with things like these.
But it won’t just try to trick you into installing malware, it will also try and trick you into giving up your phone number so the app can use it to subscribe to premium services, charging your account without your permission. In Check Point’s example, they received a pop-up ad that informs the user that they can win a brand new iPhone by just answering four questions.
Should you answer them, the ad will prompt you to enter your phone number. If you do, the app will apparently use that information to register for premium services without your permission.
These malicious tactics seem pretty textbook but who says you need to reinvent the wheel to trick unsuspecting users. The fact that these malicious codes made it into the Google Play Store itself is probably the scariest part.
CNET reports that Google has since removed the affected applications from the Play Store, but that doesn’t remove them from your smartphone. Also, I went through a of the more popular apps on the list of affected apps and found that there were still a handful of these affected applications in the Play Store.
If you’re worried that your device is affected, here’s Check Point Software Technology’s full list of affected applications: