Pornographic Ads Targets Children in AdultSwine Malware Campaign

Over 60 apps have now been deleted from Google Play Store due to the presence of AdultSwine Malware, a form of malware that displays pornographic adverts on users’ devices. Many of the apps that included the malware were focused on children, including Drawing Lessons Lego Star Wars, Mcqueen Car Racing Game, and Spinner Toy for Slither. The apps had been installed by anywhere between 3.5 and 7 million users before they were identified and deleted.

While the malicious apps have been erased, users who have already downloaded the impacted apps onto their devices must uninstall the apps to delete the malware. Just deleting the apps from the Play Store only prevents more users from being impacted. Google has said that it will show warnings on Android phones that have the malicious apps downloaded to warn users about the malware infection. It will be up to users to then uninstall those apps to delete the AdultSwine malware infection.

Apps with AdultSwine Malware Detected

  • Addon GTA for Minecraft PE
  • Addon Pixelmon for MCPE
  • Addon Sponge Bob for MCPE
  • AnimePictures
  • Blockcraft 3D
  • CoolCraft PE
  • DiadelosMuertos
  • Dragon Shell for Super Slither
  • Draw Kawaii
  • Draw X-Men
  • Drawing Lessons Angry Birds
  • Drawing Lessons Chibi
  • Drawing Lessons Lego Chima
  • Drawing Lessons Lego Ninjago
  • Drawing Lessons Lego Star Wars
  • Drawing Lessons Subway Surfers
  • Easy Draw Octonauts
  • Exploration Lite: Wintercraft
  • Exploration Pro WorldCraft
  • fidgetspinnerforminecraft
  • Fire Skin for Slither IO app
  • Five Nights Survival Craft
  • Flash Skin for Slither IO app
  • Flash Slither Skin IO
  • Girls Exploration Lite
  • Guide Clash IO
  • Guide Vikings Hunters
  • HalloweenMakeUp
  • halloweenskinsforminecraft
  • How to Draw Animal World of The Nut Job 2
  • How to Draw Batman Legends in Lego Style
  • How to Draw Coco and The Land of the Dead
  • How to Draw Dangerous Snakes and Lizards Species
  • How to Draw Real Monster Trucks and Cars
  • Invisible Skin for Slither IO app
  • Invisible Slither Skin IO
  • Jungle Survival Craft 1.0
  • Jurassic Survival Craft Game
  • Mcqueen Car Racing Game
  • Mine Craft Slither Skin IO
  • Moviesskinsforminecraft
  • Pack of Super Skins for Slither
  • Paw Puppy Run Subway Surf
  • Pixel Survival – Zombie Apocalypse
  • Players Unknown Battle Ground
  • San Andreas City Craft
  • San Andreas Gangster Crime
  • Shin Hero Boy Adventure Game
  • skinsyoutubersmineworld
  • Spinner Toy for Slither
  • Stickman Fighter 2018
  • Subway Banana Run Surf
  • Subway Bendy Ink Machine Game
  • Subway Run Surf
  • Temple Bandicoot Jungle Run
  • Temple Crash Jungle Bandicoot
  • Temple Runner Castle Rush
  • ThanksgivingDay
  • ThanksgivingDay2
  • Virtual Family – Baby Craft
  • Woody Pecker
  • youtubersskins
  • Zombie Island Craft Survival

AdultSwine Malware Malicious Activities

AdultSwine malware, and the apps that infect users, were located and analyzed by security experts at CheckPoint. The researchers note that once installed onto a device, the malware shares data about the user to its command and control server and performs three malicious activities: showing advertisements, registering users for premium services, and installing scareware to trick victims into paying for security software that is not required. Information is also stolen from the infected device which can potentially be used for a range of malicious purposes.

The advertisements are shown when users are playing games or browsing the Internet, with the adverts coming from genuine ad networks and the AdultSwine library. The AdultSwine malware library includes extreme adverts such as hardcore pornographic images. Those images are shown screen without warning.

The scareware states that the victim’s device has been infected with a virus that requires the installation of an anti-malware app from the Google Play Store, although the virus removal tool is a fake app. Users are warned that their phone will be rendered unusable if the app is not installed on the device, with a countdown timer used to create more urgency.

Signing up for premium services requires the user to hand over more information, which is done through pop-up phishing advertisements. The user is told they have won a prize, but that they must supply four questions to claim their prize. The information they supply is used to sign up for premium services.

Stopping Infection of Mobile Devices

In most cases, users can cut the risk of a malware infection by only installing apps from official app stores, although this most recent malware campaign has indicated that even official stores can be compromised and have malicious apps uploaded.

Google does reviews all apps for malware, but new types of malware can get past into Google Play Store on occasion. Google has said that as of the end of January it will be introducing a new service called Google Play Protect that is capable of scanning previously installed apps to ensure they are still safe to use.

Google recommends only installing apps for children that have been verified by Google as being ‘Designed for Families’. Those apps may include adverts, but they have been vetted and strict rules apply covering the advertisements that can be shown.

It is also crucial to download some type of anti-malware solution – from a reputable and well-known firm – that will scan installed content and apps for malware.

Link copied to clipboard
Photo of author

Posted by

Elizabeth Hernandez

Elizabeth Hernandez is a news writer on Defensorum. Elizabeth is an experienced journalist who has worked on many publications for several years. Elizabeth writers about compliance and the related areas of IT security breaches. Elizabeth's has a focus data privacy and secure handling of personal information. Elizabeth has a postgraduate degree in journalism. Elizabeth Hernandez is the editor of HIPAAZone. https://twitter.com/ElizabethHzone