Malware that displays graphic, adult images has been found in multiple Android apps targeting children.
The new strain, dubbed AdultSwine by researchers, was found in 60 Android apps, many with child-focused names -- such as Spinner Toy for Slither and Drawing Lessons Angry Birds -- by researchers from the cybersecurity firm, Checkpoint. According to Google app store estimates, the infected programs were downloaded between 3.5 and 7 million times.
When run, the malware causes the apps in which it resides to displays popups - some of which include advertisements containing sexual imagery and others containing ads for fake security software and other problematic items. The ads load from both an AdultSwine-specific library of advertisements as well as from legitimate third-party advertisement providers (which, of course, have terms of service that prohibit partners from using their ads in such a fashion). The malware also tries to get victims to click through screens to register for unnecessary services that will cost them a bundle. Screenshots posted online of the malware running show that it can present scam screens in multiple languages - one Hebrew-based bogus contest tells a customer that to claim his/her prize he/she submit his/her phone number; of course, there is no prize, but the submitted phone number will be used to register for unwanted, costly services.
Because the malware works by downloading target links from a malware command-and-control server, it could also be extended to take other harmful actions.
Google has removed the infected apps from the Play Store, but its doing so will not protect any of the millions of people (many of whom are likely children) who have already downloaded the apps; due to the way the Android ecosystem works, Google normally cannot unilaterally delete infected apps that are already installed on devices.
The technology giant did note, however, that it will cause devices on which the poisoned apps are installed to display warnings to users. That said, as anyone who has children likely knows, children often ignore even more serious warnings.
How did this malware situation happen?
In an attempt to prevent the distribution of malware, Google - like several other operators of app stores - scans every program loaded into the Play Store; unfortunately, however, malware is not always simple to detect. There are thousands of new strains created every day, and, sometimes, harmful code cannot be identified as such without dynamically analyzing the behavior of an app within the specific context in which it occurs -- a process that often cannot be effectively done at upload time.
So, what should you do?
1. Make sure that you and your family members have security software running on all of your devices.
2. Check your children's devices for any warnings, or for the presence of any of the infected apps listed below - delete any that you find.
3. Learn about other ways of detecting that a mobile device has been hacked.