Alphabet Inc’s Google said on 12 January it took down 60 gaming applications after security firm Check Point said it had discovered new malicious software in the apps available to both children and adults at Google Play Store.
The malicious software displayed pornographic ads and tried to trick users into buying premium services, according to Check Point.
“We’ve removed the apps from Play, disabled the developers’ accounts, and will continue to show strong warnings to anyone that has installed them,” a Google spokesperson said.
Dubbed “AdultSwine”, the malware hides inside game apps that Google Play data says have been downloaded 3 to 7 million times, Check Point said in blog post on 12 January.
The apps weren’t part of the family collection, which is based on a programme to help parents discover age-appropriate content on the Play Store.
The company clarified that the inappropriate ads within the apps were not Google ads.
The malware also sought to trick users into installing fake security apps, and could open the door for other attacks such as theft of user credentials, Check Point said.
It said games and apps intended for children were a new target for cyber criminals that targeted hospitals, businesses and governments in the past.
“The most shocking element of this malware is its ability to cause pornographic ads (from the attacker’s library) to pop up without warning on the screen over the legitimate game app being displayed,” it said.
The games included “Paw Puppy Run Subway Surf”, “Shin Hero Boy Adventure Game,” “Drawing Lessons Lego Ninjago,” and “Addon Sponge Bob for MCPE”.
Check Point said it expected AdultSwine and similar malware to be repeated and imitated by hackers, warning users to be extra vigilant when installing apps, especially those intended for use by children.