As always, the researchers at Checkpoint are shedding light on threat that was “lurking in the shadows” for some time now.
For people in a hurry, at the end of the article you can find the TL;DR and the list of apps.
On the 12th of January, Checkpoint has released information about 60 android apps that contained a malicious code hidden inside them. As adults we are all aware about the threats that exists on the internet. Most of us are able to clearly distinguish and identify them, but nowadays children focused apps become the main target of these attackers.
Over 60 apps have been identified to contain the ‘Adult Swine’ code. Although click-baiting and other types of practices have been around for years now, this new type of intrusive and, most of the time, inappropriate ads is one the rise.
Apps infected with “Adult Swine” could cause problems in three ways:
- Displaying ads from the web that are often highly inappropriate and pornographic.
- Attempting to trick users into installing fake ‘security apps’.
- Inducing users to register to premium services at the user’s expense.
Once installed, the app would connect to the their control server and provide several details about the phone on which it has managed to install itself. Moreover, once it connected to the C&C server, the app would hide its icon from the menus.
The contents of the ads is offensive and, in most cases, pornographic. Furthermore, since it scans the apps that are running on the phone, the infected app will display the ads inside the same window.
The ads seem to come from two main sources:
- From legitimate advertisers that did not give the consent for the ads to be used in such a way.
- From a list of ads that the app has stored in library. As you would imagine, the library contains only offensive ads.
I feel the need to reiterate the idea that this is happening while the children are using the app that the code pretends to be.
Installing fake apps
Scareware is a name give to apps informing the user that their phone/device has been infected. Most of us know how to deal with this type of scams, but we must not forget that the targets here are out children.
After being prompted about the infection, the user is advised to install a ‘security app’ that will repair their device. You guess it, the ‘solution’ is just another malicious app.
Although, I personally do not link my credit card to my phone, most of my friends are using this practice. The thing that I find hilarious is that their reason for doing that is ‘It’s easier for me to buy things and order stuff online.’
Now, each of us are entitled to do exactly what they want with their hard earned money, but I do guess that many of us would not like to have it spent of useless apps and services.
But that is not it, even without your banking data the apps can still use other ways to trick people into buying apps or subscribing to unwanted premium services.
It works just like above-described ‘Scareware’ tactic. But in this case, the app tries to bait the user by informing him that he/she won a certain prize. In order to claim it, the user has to provide it with the phone number. Once the phone number is entered, the app will use it to register to premium apps and services for which the user will have to pay.
The good news is that Google has removed most of the apps that have been infected.
The bad new is that all these apps were available on a platform that is trusted by the majority of Android users.
Sixty apps that were aimed at children have been removed by Google from the Playstore. These apps were infected by a piece of code that is now know as ‘Adult Swine’.
The infected apps would display ads that were offensive, and often, pornographic. Furthermore, it also used ‘Scareware’ tactics to trick users in installing fake and malicious apps.
And finally, it would also use the ‘You won a prize, enter your details to claim the prize.’ tactic to trick user into disclosing their phone numbers. With this information, the app would subscribe the user to paid services and apps; resulting in users getting their accounts charged for services they did not want/did not subscribed to.
For the full list, please visit: Checkpoint
|App Name||Minimum Downloads||Maximum Downloads|
|Five Nights Survival Craft||1,000,000||5,000,000|
|Mcqueen Car Racing Game||500,000||1,000,000|
|Addon Pixelmon for MCPE||500,000||1,000,000|
|Exploration Pro WorldCraft||100,000||500,000|
|San Andreas City Craft||100,000||500,000|
|Subway Banana Run Surf||100,000||500,000|
|Exploration Lite : Wintercraft||100,000||500,000|
|Addon GTA for Minecraft PE||100,000||500,000|
|Addon Sponge Bob for MCPE||100,000||500,000|
|Drawing Lessons Angry Birds||50,000||100,000|
|Temple Crash Jungle Bandicoot||50,000||100,000|
|Drawing Lessons Lego Star Wars||50,000||100,000|
|Drawing Lessons Chibi||50,000||100,000|