Hackers hide malware, porn ads inside gaming apps on Google Play Store

Infected apps for kids were downloaded over 3 million times to push illegitimate ads, scareware and effectively steal money from victims.
Google play store
(Flickr <a href="">Bram Koster</a>

Won’t somebody besides the scammers please think of the children?

New malware on the Google Play Store was downloaded more than 3 million times, hiding inside nearly 70 different game apps seemingly intended for kids and teens, say researchers from Israeli cybersecurity firm Check Point Technologies.

The malware, known as AdultSwine, created an array of problems for victims, including scaring them into installing fake security apps, spending money on premium SMS messages and displaying ads over other apps that included pornographic content.

Infected apps include Five Nights Survival Craft (with over 1 million downloads), Mcqueen Car Racing Game (over 500,000 downloads) and Addon Pixelmon for MCPE (over 500,000 downloads).


Google confirmed the incident to CyberScoop and a spokesperson said the apps were removed from the Play Store, the developer’s accounts were disabled and warnings are being dispatched to anyone who installed the affected apps.

Some of the ads came from popular advertisement networks like Google, Facebook and Immobi. The pornographic ads and content comes from the malware’s own ad library.

A Google spokesperson said the infected apps don’t strictly qualify as intended for children because the malware developers didn’t participate in Designed for Families, a strictly controlled and manually reviewed program on the Google Play Store.

Check Point says AdultSwine could also easily be used for further nefarious acts like credential theft.

(Check Point)


Despite significant efforts from Google, the Google Play Store is regularly hit by malware outbreaks that affect unsuspecting users. Just last week, adware called LightsOut was downloaded over 1.5 million times by victims.

Google has contended with successful banking trojansspywareadwarecomplete takeovers and nation-state attacks over the past year. Android’s security team is increasingly using machine learning to detect malware in the Google Play store but Android Play Protect, the operating system’s security tool, has mixed results in independent tests against competitors.

“Definitely some things slip past Google once in a while,” Christoph Hebeisen, an Android security researcher at Lookout, told CyberScoop. “That said, I suspect it’s a tiny percentage of what’s actually thrown at them by malware developers. I think it’s just the sheer mass that something once in a while slips past. In this case, there are millions of downloads but in most cases malware doesn’t get downloaded terribly often.”

Lookout confirmed Check Point’s findings on AdultSwine malware and said their security software has protected Android users since April 2017. Check Point’s own Zone Alarm Android security app also provides protection.

Boasting the most popular mobile operating system on the planet, Android is making improvements and winning battles but is still fighting an uphill battle with no end in sight.


“Google Play houses more apps and has laxer controls for developers to get their apps into the Play store,” according to Jordan Herman, a researcher from the threat intelligence firm RiskIQ. “However, Google does work diligently to ensure that blacklisted apps are removed from the store. In fact, the percentage of apps blacklisted by RiskIQ in the Google Play store has decreased, falling to a low of 4 percent in Q3 after reaching a high of 8 percent in Q2.”

Apple’s App Store does contend with malware but, due in large part to tighter restrictions and a far smaller number of apps and users, the iOS App Store appears to be hit less frequently with malware outbreaks than its Android counterpart.

Latest Podcasts