Are anti-malware solutions good enough?

Cyber-criminals have been spiking game apps, including several aimed at children, with malware that displays pornographic ads, pushes fake security apps, and registers users for premium services without permission.

The malware, dubbed AdultSwine, was recently found in approximately 60 apps that collectively were downloaded from Google Play between three million and seven million times, according to a 12 January blog post from Check Point Software Technologies that was accompanied by a more in-depth research document.

"Upon disclosure of this discovery, Google... removed the apps from Play, disabled the developers' accounts, and will continue to show strong warnings to anyone that has installed them," a Google spokesperson told SC Media. (Very similar language appears in Check Point's blog post. Also, the children's apps that were infected with malware were not part of Google's official "Designed for Families Program" collection of kid-friendly app content.)

Following installation, AdultSwine sends its command-and-control server the infected device's information, which is used to determine which specific course of action to take, and whether or not to hide the app's icon in order to hinder removal. Based on reported device configurations, the malware moves forward with one of three distinct possibilities:

  • Unsolicited and in some cases offensive advertisements will pop up over the device's screen, outside of the downloaded app's context. These ads are sourced from either legit ad providers who do not permit distribution of their content in this fashion, or from the malicious code's own pornographic ad library.
  • AdultSwine employs scareware tactics, falsely reporting an infection in hopes of tricking users into downloading a fake virus removal solution.
  • The malware displays a pop-up ad that fraudulently claims users can win an iPhone by responding to four questions. After users submit their answers, they are asked to submit their phone number, which is used to sign them up for premium services without permission.

"Although for now this malicious app seems to be a nasty nuisance, and most certainly damaging on both an emotional and financial level, it nevertheless also has a potentially much wider range of malicious activities that it can pursue, all relying on the same common concept," state the Check Point researchers, warning that at some point the malicious code could "use its infrastructure to broaden its goals to other purposes, such as credential theft."