“Adult Swine” – found in apps for children

As always, the researchers at Checkpoint are shedding light on threat that was “lurking in the shadows” for some time now.

For people in a hurry, at the end of the article you can find the TL;DR and the list of apps.

On the 12th of January, Checkpoint has released information about 60 android apps that contained a malicious code hidden inside them. As adults we are all aware about the threats that exists on the internet. Most of us are able to clearly distinguish and identify them, but nowadays children focused apps become the main target of these attackers.

Over 60 apps have been identified to contain the ‘Adult Swine’ code. Although click-baiting and other types of practices have been around for years now, this new type of intrusive and, most of the time, inappropriate ads is one the rise.

Apps infected with “Adult Swine” could cause problems in three ways:

  1. Displaying ads from the web that are often highly inappropriate and pornographic.
  2. Attempting to trick users into installing fake ‘security apps’.
  3. Inducing users to register to premium services at the user’s expense.

Once installed, the app would connect to the their control server and provide several details about the phone on which it has managed to install itself. Moreover, once it connected to the C&C server, the app would hide its icon from the menus.

Offensive ads

The contents of the ads is offensive and, in most cases, pornographic. Furthermore, since it scans the apps that are running on the phone, the infected app will display the ads inside the same window.

The ads seem to come from two main sources:

  • From legitimate advertisers that did not give the consent for the ads to be used in such a way.
  • From a list of ads that the app has stored in library. As you would imagine, the library contains only offensive ads.

I feel the need to reiterate the idea that this is happening while the children are using the app that the code pretends to be.

Installing fake apps

Scareware is a name give to apps informing the user that their phone/device has been infected. Most of us know how to deal with this type of scams, but we must not forget that the targets here are out children.

After being prompted about the infection, the user is advised to install a ‘security app’ that will repair their device. You guess it, the ‘solution’ is just another malicious app.

Premium services

Although, I personally do not link my credit card to my phone, most of my friends are using this practice.  The thing that I find hilarious is that their reason for doing that is ‘It’s easier for me to buy things and order stuff online.’

Now, each of us are entitled to do exactly what they want with their hard earned money, but I do guess that many of us would not like to have it spent of useless apps and services.

But that is not it, even without your banking data the apps can still use other ways to trick people into buying apps or subscribing to unwanted premium services.

It works just like above-described ‘Scareware’ tactic. But in this case, the app tries to bait the user by informing him that he/she won a certain prize. In order to claim it, the user has to provide it with the phone number. Once the phone number is entered, the app will use it to register to premium apps and services for which the user will have to pay.

The good news is that Google has removed most of the apps that have been infected.

The bad new is that all these apps were available on a platform that is trusted by the majority of Android users.


Sixty apps that were aimed at children have been removed by Google from the Playstore. These apps were infected by a piece of code that is now know as ‘Adult Swine’.

The infected apps would display ads that were offensive, and often, pornographic. Furthermore, it also used ‘Scareware’ tactics to trick users in installing fake and malicious apps.

And finally, it would also use the ‘You won a prize, enter your details to claim the prize.’ tactic to trick user into disclosing their phone numbers. With this information, the app would subscribe the user to paid services and apps; resulting in users getting their accounts charged for services they did not want/did not subscribed to.

For the full list, please visit:  Checkpoint

App Name Minimum Downloads Maximum Downloads
Five Nights Survival Craft 1,000,000 5,000,000
Mcqueen Car Racing Game 500,000 1,000,000
Addon Pixelmon for MCPE 500,000 1,000,000
CoolCraft PE 100,000 500,000
Exploration Pro WorldCraft 100,000 500,000
Draw Kawaii 100,000 500,000
San Andreas City Craft 100,000 500,000
Subway Banana Run Surf 100,000 500,000
Exploration Lite : Wintercraft 100,000 500,000
Addon GTA for Minecraft PE 100,000 500,000
Addon Sponge Bob for MCPE 100,000 500,000
Drawing Lessons Angry Birds 50,000 100,000
Temple Crash Jungle Bandicoot 50,000 100,000
Drawing Lessons Lego Star Wars 50,000 100,000
Drawing Lessons Chibi 50,000 100,000


3 thoughts on ““Adult Swine” – found in apps for children

    1. My aim is take these types of news and serve them in an easier to read format. The more parents are informed, the lesser the chances of children being exposed to malicious software.
      You might enjoy other articles posted on this blog.
      Thank you for reading my content!

      Liked by 1 person

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s