Children Targets by AdultSwine Malware

More than 60 apps have now been permanently deleted from Google Play Store that were full of AdultSwine Malware – a malware variant that shows pornographic adverts on users’ technological devices. Many of the apps that included the malware were focused on children, including Drawing Lessons Lego Star Wars, Mcqueen Car Racing Game, and Spinner Toy for Slither. The apps had been installed by between 3.5 and 7 million users before they were initially discovered and subsequently deleted.

While the malicious apps have been taken down from Google Play, users who have already installed the infected apps onto their devices must remove the apps to remove the malware. Simply removing the apps from the Play Store only stops more users from being tricked. Google has said that it will show alerts on Android phones that have the malicious apps installed to alert users to the malware infection. It will be up to users to then uninstall those apps to eradicate the AdultSwine malware infection.

Google Play Apps Infected with AdultSwine Malware

  • Addon GTA for Minecraft PE
  • Addon Pixelmon for MCPE
  • Addon Sponge Bob for MCPE
  • AnimePictures
  • Blockcraft 3D
  • CoolCraft PE
  • DiadelosMuertos
  • Dragon Shell for Super Slither
  • Draw Kawaii
  • Draw X-Men
  • Drawing Lessons Angry Birds
  • Drawing Lessons Chibi
  • Drawing Lessons Lego Chima
  • Drawing Lessons Lego Ninjago
  • Drawing Lessons Lego Star Wars
  • Drawing Lessons Subway Surfers
  • Easy Draw Octonauts
  • Exploration Lite: Wintercraft
  • Exploration Pro WorldCraft
  • fidgetspinnerforminecraft
  • Fire Skin for Slither IO app
  • Five Nights Survival Craft
  • Flash Skin for Slither IO app
  • Flash Slither Skin IO
  • Girls Exploration Lite
  • Guide Clash IO
  • Guide Vikings Hunters
  • HalloweenMakeUp
  • halloweenskinsforminecraft
  • How to Draw Animal World of The Nut Job 2
  • How to Draw Batman Legends in Lego Style
  • How to Draw Coco and The Land of the Dead
  • How to Draw Dangerous Snakes and Lizards Species
  • How to Draw Real Monster Trucks and Cars
  • Invisible Skin for Slither IO app
  • Invisible Slither Skin IO
  • Jungle Survival Craft 1.0
  • Jurassic Survival Craft Game
  • Mcqueen Car Racing Game
  • Mine Craft Slither Skin IO
  • Moviesskinsforminecraft
  • Pack of Super Skins for Slither
  • Paw Puppy Run Subway Surf
  • Pixel Survival – Zombie Apocalypse
  • Players Unknown Battle Ground
  • San Andreas City Craft
  • San Andreas Gangster Crime
  • Shin Hero Boy Adventure Game
  • skinsyoutubersmineworld
  • Spinner Toy for Slither
  • Stickman Fighter 2018
  • Subway Banana Run Surf
  • Subway Bendy Ink Machine Game
  • Subway Run Surf
  • Temple Bandicoot Jungle Run
  • Temple Crash Jungle Bandicoot
  • Temple Runner Castle Rush
  • ThanksgivingDay
  • ThanksgivingDay2
  • Virtual Family – Baby Craft
  • Woody Pecker
  • youtubersskins
  • Zombie Island Craft Survival

AdultSwine Malware Malicious Activity

AdultSwine malware, and the apps that infect users, were first discovered and analyzed by security experts at CheckPoint. The experts note that once installed onto a computing device, the malware sends information about the user to its command and control server and carries out three malicious activities: Showing advertisements, registering users to premium services, and downloading scareware to trick victims into paying for security software that is not necessary. Data is also stolen from the infected device which can potentially be used for a variety of malicious reasons.

The advertisements are shown when users are playing games or browsing the Internet, with the adverts coming from real ad networks and the AdultSwine library. The AdultSwine malware library includes extreme adverts including hardcore pornographic images. Those pictures appear on screen without warning.

The scareware says that the victim’s device has been infected with a virus that requires the installation of an anti-malware app from the Google Play Store, although the virus removal tool is not a real app. Users are told that their phone will be rendered unusable if the app is not installed, with a countdown timer used to add urgency.

Signing up for premium services requires the user to supply further details, which is done through pop-up phishing adverts. The user is informed that they have won a prize, but that they must answer four questions to claim their prize. The data they supply is used to sign up for premium services.

In most cases, users can address the risk of a malware infection by only downloading apps from official app stores, although this most recent malware campaign has shown that even official stores can be compromised and have malicious apps installed.

Google does check all apps for malware, but new variants of malware can be pushed onto Google Play Store from time to time. Google has revealed that from the end of January it will be introducing a new service called Google Play Protect that is capable of scanning previously installed apps to ensure they are still safe to use.

Google advises only installing apps for children that have been approved by Google as being ‘Designed for Families’. Those apps may include adverts, but they have been vetted and strict rules apply covering the advertisements that can be shown.

It is also crucial to download some form of anti-malware solution – from a reputable and well-known firm – that will scan installed content and apps for malware.

Link copied to clipboard
Photo of author

Posted by

Elizabeth Hernandez

Elizabeth Hernandez is a news writer on Defensorum. Elizabeth is an experienced journalist who has worked on many publications for several years. Elizabeth writers about compliance and the related areas of IT security breaches. Elizabeth's has a focus data privacy and secure handling of personal information. Elizabeth has a postgraduate degree in journalism. Elizabeth Hernandez is the editor of HIPAAZone. https://twitter.com/ElizabethHzone