Google removed around 60 gaming apps from its Play Store containing “a new and nasty malicious code”, several of which are aimed at children, after they were flagged by Check Point Research.
Google Play data shows the apps have been downloaded between 3 million and 7 million times, Check Point Research said, and were hit by malware dubbed AdultSwine. This code displays ads which are “often highly inappropriate and pornographic” and tricks users into installing fake security apps and registering to premium services which they end up paying for.
The malicious code can also be used for other attacks such as user credential theft, the company warned.
“Upon being advised of our findings, Google took prompt action to remove affected apps from Play, disabled the developers’ accounts, and will continue to show strong warnings to any users that still have the apps installed,” the research company said.
Check Point Research stated apps infected with the AdultSwine malicious code can cause emotional and financial distress and, even though Google has removed them for now, similar apps are likely to appear again.
“Users should be extra vigilant when installing apps, particularly those intended for use by children,” the company said.