'Mummy, what's felching?' Tot gets smut served by Android app

Google’s Play Store fails again

By Iain Thomson in San Francisco

Posted in Security, 12th January 2018 14:00 GMT

Researchers have found a batch of over 60 malware-carrying apps in Google's Play Store designed to rob mobile users or show them pornography, all with a kid-friendly theme.

The malware, dubbed AdultSwine by security shop Check Point, was found in apps like "Drawing Lessons Lego Star Wars", "Fidget spinner for Minecraft" and "Spinner Toy for Slither", along with a large number of Android games. The apps were downloaded between three and seven million times before the infection was caught.

One father complained to Google that the software had exposed his four-year-old son to "a bunch of thilthy (sic) hardcore porn pictures".

Time for a conversation, about dictionaries at the very least

AdultSwine offers a three-pronged approach to the operator. It can throw up a fake virus warning screen and get the user to download cleaning software that would more effectively pwn the phone, trick people into sending premium SMS messages with the offer to win a prize or just throw up websites aimed at the amateur gynecologist.

"We’ve removed the apps from Play, disabled the developers' accounts, and will continue to show strong warnings to anyone that has installed them," a Google spokesperson told The Register. "We appreciate Check Point's work to help keep users safe."

Another month, another malware outbreak in Google's Play Store

READ MORE

Such exclusively family-based apps are checked manually by Google for malware and ad content, according to those familiar with the situation, but the AdultSwine code was put out for general release. That gets machine checked and, despite the Chocolate Factory's AI virus-hunting protestations, past experience and research suggests malware writers are finding Google's malware seeking bots easy to evade.

"Apps infected with the nasty 'AdultSwine' malware are able to cause emotional and financial distress," said Check Point in a blog post.

"Due to the pervasive use of mobile apps, 'AdultSwine' and other similar malware will likely be continually repeated and imitated by hackers. Users should be extra vigilant when installing apps, particularly those intended for use by children." ®

Sign up to our NewsletterGet IT in your inbox daily

72 Comments

More from The Register

Microsoft emergency update: Malware Engine needs, erm, malware protection

Stop appreciating the irony and go install the patch now

Google Play Protect is 'dead last' at fingering malware on Android

Don't expect ads giant to stop all software nasties for you – it certainly can't

Another month, another malware outbreak in Google's Play Store

50 apps get pulled as ExpensiveWall malware runs riot in the store

Microsoft patched more Malware Protection Engine bugs last week

Redmond's out-of-band advisory landed after the bugs were fixed

Banking trojan-slingers slip past Google Play's malware defences

BankBot nestled within allegedly 'fun' mobile game

International team takes down virus-spewing Andromeda botnet

Infections spread across over 200 regions

Google reveals Android Robocop AI to spot and destroy malware

Dead or alive, preferably dead, you're coming with me

Taiwanese cops give malware-laden USB sticks as prizes for security quiz

What was second prize? We think we'd rather have that

Crims using anti-virus exclusion lists to send malware to where it can do most damage

When vendors tell you what to whitelist, crims are reading too

It gets worse: Microsoft’s Spectre-fixer wrecks some AMD PCs

Updated KB4056892 is not your friend if you run an Athlon