Apps displaying pornographic ads have been detected on Google Play

In the past, cybercriminals attacked companies, hospitals and governments; today we can see how children's games and applications start to be targeted. Check Point researchers have discovered a new malicious code placed on Google Play, which is hiding in around 60 apps for children's games. According to Google Play store data, these applications have been downloaded from 3 to 7 million times.

A malicious application called AdultSwine (adult pig) causes damage as follows:

  • Displays ads, often very inappropriate for children or even pornographic; Stinks users and encourages them to download fake virus removal applications; Encourages the user to register on premium services that generate user costs
  • In addition, malicious code can move across the phone's infrastructure, opening it to other attacks, such as stealing login credentials.

Mode of action

As soon as the infected application is installed on the device, it waits for the phone to reboot or to unlock the screen to start the attack. The attacker then chooses which of the three actions mentioned above will be performed and displayed on the user's screen.

The behavior of adultswine.

Inappropriate and pornographic ads

The most shocking part of this malware is that it causes pornographic ads (coming from the attacker's library) to pop up without warning on the screen covering the application with the game for children.

A mild example of the ad being shown and a parent's commentary on a four-year victim.

Scareware (scare - scare, ware - from software - software)

Another method of malware is to scare users to install unnecessary and harmful "security applications". First, the malware displays a misleading advertisement that informs the user that his device has been infected with a virus. After clicking "Delete virus now", the user is redirected to another application in the Google Play store that pretends to be a virus removal program. This is really another malware.

Messages displayed to users to download fake applications.

Sending Premium SMSes

The third of AdultSwine's malicious methods is charging the victim's account with fake premium service notifications they did not order.

In a similar way to scareware, malicious software initially displays a pop-up with an ad that informs the user that he has won the iPhone and that his phone number is needed to receive the prize. If the user provides his number, the malware sends premium SMSes added to the phone bill.


AdultSwine is a tedious malware that can cause emotional and financial damage. It also has much wider possibilities to use. Due to the ubiquitous use of mobile applications, attacks such as AdultSwine and the like will be repeated, and hackers will try to prey on uninformed users, including children.

Effective protection against this type of malware requires the installation of mobile protection.


Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.