Nearly 70 Android games for children featuring advertisements promoting adult websites were found listed on the Google Play Store by cybersecurity firm Check Point Research, as detailed by the company on Friday. The malicious code injecting such unseemly materials into apps catering to extremely young audiences was dubbed by the company as "AdultSwine" and appears to be primarily targeting mobile games. Besides pornographic ads that are completely unrelated to the subject of the apps in which they're being displayed and their target audience, the code is also frequently attempting to misled users to allow it messaging privileges, after which it will start sending SMS messages at their expense, targeting premium and highly expensive services. If the ads it's displaying aren't trying to direct users to adult websites, they're presenting fraudulent security warnings in an attempt to guide them to installing equally problematic apps presenting themselves as "security" tools, the researchers found.
The library of compromised games has between 3 million and 11.5 million downloads in total, according to the data provided by Google's digital marketplace. Check Point identified comments from parents of numerous child victims exposed to the inappropriate content served by AdultSwine, noting that the nature of the infected apps makes them a group that's by far the most vulnerable to the malware. AdultSwine initiates attacks from the moment the user first boots an infected app, with the attacker always having the option of deciding whether to deliver adult ads, "scareware," or attempt to trick users into providing the app with a permission to send premium SMS messages.
The infected Android apps identified by Check Point were already reported and taken down from the Google Play Store, though the cybersecurity firm claims the "pervasive" popularity of mobile apps will continue encouraging malicious developers to come up with similar malware. The quality control issues on the Google Play Store have been an issue with the company's online marketplace for many years now and while Alphabet's subsidiary already introduced a number of solutions meant to combat Android malware such as Google Play Protect, none of its efforts have yet put a stop to all such software that manages to sneak past its automated inspections.