Google removes 60+ fake game apps displaying porn ads from Google Play

[Free CISSP Exam Study Guide] Get expert advice that will help you pass the CISSP exam: sample questions, summaries of all 8 CISSP domains and more!

Google has removed some 60+ game apps from Google Play, as they were found to contain code that either delivered inappropriate and pornographic ads, attempted to trick users into installing fake security apps or into signing up for (paid) premium services.

fake game apps displaying porn ads

About the apps

The offending apps have been first flagged by Check Point researchers, who named the threat “AdultSwine.”

The threat posed as different game apps – “Drawing Lessons Angry Birds,” “Temple Crash Jungle Bandicoot,” “Draw Kawaii,” and so on. According to Google Play statistics, they have collectively been downloaded between 3 million and 7 million times.

“First, the malicious code contacts its Command and Control server (C&C) to report the successful installation, sends data about the infected device and then receives the configurations, which determine its course of operation. These configurations instruct it on whether to hide its icon (to encumber removal), which ads to display, over which apps and on what terms,” the researchers explained.

“It is interesting to note that the server, however, forbids ads to be displayed over certain apps such as browsers and social networks, in order to avoid suspicion. As for the ads being displayed, they come from two main sources; the first is that of the main ad providers, which forbid such illegitimate display of their ads. The second is the malicious code’s own ad library, which contains ads of an offensive nature, including pornographic ads. All these are displayed to children while playing the game that the app is masquerading as.”

Alternatively, the app would show fake virus warnings and push users to install “Goldeness Browser” to remove the threat. (The app does nothing of the kind, and has been suspended from Google Play for using inappropriate marketing tactics to drive installs.)

fake game apps displaying porn ads

The third technique applied by the AdultSwine apps concentrated on getting users to sign up for premium services, by offering users an iPhone if they answer several questions and enter their phone number.

After the discovery

After the researchers notified Google of their discovery, the company pulled the apps from Google Play, disabled the developers’ accounts, and will continue to show strong warnings to any users that still have the apps installed.

But the researchers haven’t got much hope that this is the last they’ve seen of the threat.

“Due to the pervasive use of mobile apps, ‘AdultSwine’ and other similar malicious apps will likely be continually repeated and imitated by hackers. Users should be extra vigilant when installing apps, particularly those intended for use by children,” they noted, and advised parents to verify that apps used by their children are categorized as “Designed for Families” on Google Play.

The apps removed were undoubtedly causing emotional and financial damage, but they also had the potential to do even more damage.

“The malicious code simply receives a target link from its Command and Control server and displays it to the user. While in some cases this link is merely an advertisement, it could also lead to whatever social engineering scheme the hacker has in mind,” the researchers noted.