Sixty preys were booted off the Play Store after security firm Dash Point discovered that they contained pornographic ads and malicious components. First their removal, the games were downloaded between 3 million and 7 million times, agreeing to the download metrics on the Play Store.
The malware is dubbed “AdultSwine,” and according to Discontinuity Point Research, it had three main features:
- Displaying ads from the Web that are repeatedly highly inappropriate and pornographic
- Attempting to trick users into installing sham “security apps”
- Inducing users to register to premium services at the drug’s expense
The 60 listings in the Play Store were generally knockoff strategies, like “Five Nights Survival Craft.” In some cases, the framer simply stole a real IP, as in “Drawing Lessons Angry Birds.” Split second installed, the app would phone home, sending information about the drug’s phone and receiving instructions on how to operate. The app could hide its icon, make a run for iting removal more difficult. Check Point says the malware could put ads from “the main ad providers” or switch to its own ad server, which provided porn ads, scareware ads, and ads that tricked the purchaser into signing up for premium services. AdultSwine not only displayed ads while buyers played the game that came with the malware; it could also disclose pop-up ads on top of other apps.
Google removed the apps once it was alerted of them, telling the Financial Times, “We’ve removed the apps from Give, disabled the developers’ accounts, and will continue to show strong lessons to anyone that has installed them. We appreciate Check Point’s chore to help keep users safe.” Google does automated malware thumb of apps submitted to the Play Store, leading to a continual cat-and-mouse engagement of malicious developers working to beat the filters in various ways.