AdultSwine malware displays pornographic ads within affected child-themed game apps that were once available for download on Google's Play Store. Researchers at Check Point detected AdultSwine hidden within 60 game apps, including some with children as their target audience. All of those affected apps were available for download on Google's Play Store up until recently. Collectively, the infected programs boasted 3 million to 7 million active installations at the time of the malware's discovery. Upon installation, AdultSwine waits to initiate its attack until a boot occurs or when the user unlocks their phone. It begins by collecting information from the infected device and sends it to one of its command-and-control (C&C) servers. From there, it proceeds with one of three attack scenarios.
Its first possible technique involves displaying pornographic pop-up ads over the legitimate game app without warning. This tactic is especially concerning for parents of children who previously downloaded one of AdultSwine's kid-friendly masks. One parent revealed as much in the review shown below:
Don't install for your kids I did and my son opened it and a bunch of thilthy [sic] hardcore porn pictures popped up, not good at all my son is only 4 so please parents beware don't install it
Alternatively, the malware can trick users with fake virus warnings into installing "security" apps, some of which are themselves malicious programs. It can also mislead the user to believe they've won a free iPhone and submit their phone number to receive their prize. AdultSwine then uses this information to register the device owner's phone number with premium SMS services. Check Point worked with Google to remove the affected apps along with known malicious programs masquerading as mobile security solutions they were helping to promote from the Play Store. Even so, the security firm thinks we haven't seen the last of code like AdultSwine. As its researchers explain:
Apps infected with the nasty ‘AdultSwine’ malware are able to cause emotional and financial distress. Due to the pervasive use of mobile apps, ‘AdultSwine’ and other similar malware will likely be continually repeated and imitated by hackers. Users should be extra vigilant when installing apps, particularly those intended for use by children.
Users can help protect themselves against digital threats like AdultSwine by installing an anti-virus solution onto their devices, downloading apps only from trusted developers, and reading the reviews of any apps they're considering installing, especially when those programs are meant for use by their children. News of AdultSwine's discovery comes several months after researchers detected Koler ransomware masquerading as fake adult-themed apps. Check Point is a member of Tripwire's Technology Alliance Program (TAP). To learn more about TAP, please click here.
Meet Fortra™ Your Cybersecurity Ally™
Fortra is creating a simpler, stronger, and more straightforward future for cybersecurity by offering a portfolio of integrated and scalable solutions. Learn more about how Fortra’s portfolio of solutions can benefit your business.
