'Mummy, what's felching?' Tot gets smut served by Android app

Pornographic malware found in Android apps for kids

Pornographic malware found in Android apps for kids

"We appreciate Check Point's work to help keep users safe".

According to Google Play's data, the affected apps have been downloaded between three million and seven million times - a stark warning that, at times, not even Google Play apps can be trusted.

After Check Point informed Google about the malware, the tech giant worked with the security firm and deleted the apps right away, Check Point said.

Android users should make sure they download apps from known developers and parents of young users are urged to download apps from Google's family program.

Once the infected app is installed on a device, it waits for a user to unlock the screen or start the phone in order to initiate the attack.

AdultSwine can also cost victims money by tricking users into allowing it to send them premium text messages that charge the mobile phone's account.

The researchers also discovered that the malicious code can move laterally within the phone's infrastructure, opening the door for other attacks, such as user password theft.

Google Play has removed 63 apps, many of them children's games, from its store after "inappropriate" adult-themed ads would appear as a result of malware.

Check Point says the "malicious code's own ad library... contains ads of an offensive nature, including pornographic ads". Once entered, the malicious code then uses this number to register to premium services.

It might, for example, show an ad claiming "the user is entitled to win an iPhone by simply answering four short questions", Check Point explained.

The affected gaming apps included at least one which may have had up to 5,000,000 downloads - Five Nights Survival Craft - as well as many others which had between 50,000 and 500,000 downloads.

Effective protection from attack by these malware-infected games requires users to install advanced mobile threat defence on all mobile devices. The apps contained code dubbed "AdultSwine", Check Point Research said Friday.

The AdultSwine malware was also capable of vacuuming up login credentials, according to Check Point, which would have been transferred back to a server under the malicious hackers' control.

Latest News