There is nothing surprising about Play Store hosting malware which infects Android devices but earlier today, IT security researchers at Check Point discovered 60 Android apps on Play Store infected with a malware that displays highly inappropriate and x-rated ads to users in which majority are children.
This means not only the financial sector, government or healthcare industry, cybercriminals have also found a new target which is vulnerable children since some of the infected apps include Drawing Lessons Lego Ninjago, Paw Puppy Run Subway Surf, Mcqueen Car Racing Game, Anime Pictures, Subway Banana Run Surf, Shin Hero Boy Adventure Game, and Addon Sponge Bob for MCPE etc.
The full list of malicious apps is identified by Check Point is available here. The list also shows some of the infected apps were downloaded between 3 million and 7 million times.
Dubbed AdultSwine by researchers, the malware works in four ways, for instance, it displays pornographic ads from the web, tricks users into installing fake security apps, steals data and signups users to premium services without their knowledge which costs victims money in real life.
It must be noted that the displayed ads do not belong to Google Adsense service but to a third-party one.“The most shocking element of this malicious app is its ability to cause pornographic ads (from the attacker’s 3rd party library) to pop up without warning on the screen over the legitimate game app being displayed.,” Check Point said.
According to researchers, the hackers behind the scam use scare tactics to trick victims into downloading phony “security apps” which display a fake alert about the presence of a virus on their device. The alert then asks victims to tap on “Remove Virus Now” tab however tapping takes them to another app Play Store called “virus removal solution” which is yet another fake app.
Furthermore, the malware displays a fake survey window on the screen that asks victims to provide their phone number, answer four questions to win an iPhone. In reality, the phone number is used by the attackers to register for expensive premium services.
The good news is that Check Point reported the issue to Google who immediately booted off the malicious apps from the Play Store.
Parents need to be vigilant on what their children are downloading from the Play Store. Previously, a family who bought an Android tablet for their kid as a Christmas gift found pornographic clips on the tablet. Moreover, parents should use restrictions to prevent downloading of apps and purchase on their Android devices and use an updated security software at all times.