MASTER-BAIT-AND-SWITCH

‘AdultSwine’ Malware Floods Kids’ Phone Games With Porn

Behind the cartoon puppies was hardcore porn.

The apps had kid-friendly names like “Paw Puppy Run Subway Surf” and “Drawing Lessons Lego Star Wars.” But behind the cartoon puppies was hardcore porn.

On Friday, Google yanked over 60 games from its app store, after they were discovered to contain a malware called “AdultSwine” that flooded users’ screens with pornography and misleading popups that attempted to steal personal information and sign users up for recurring fees. The apps, which were first spotted by the security research group Check Point, racked up millions of downloads before Google pulled them from its store.

“We’ve removed the apps from Play, disabled the developers’ accounts, and will continue to show strong warnings to anyone that has installed them,” Google said in a statement. “We appreciate Check Point’s work to help keep users safe.”

A spokesperson told The Daily Beast that the games had not been offered under Google Play’s “Designed for Families” section, which offers stricter screening for children’s content.

But some children still got their hands on the porn-infected apps, to parents’ horror. “Don’t install for your kids,” one parent warned in a one-star review for an infected app in November. “I did and my son opened it and a bunch of [filthy] hardcore porn pictures popped up, not good at all my son is only 4 so please parents beware don’t install it.”

The pornography was part of a malware called “AdultSwine,” which attempted to swindle users by making them click links that stole their identifying details and signed them up for paid services. Some of the links were disguised as security warnings that urged users to click a button to “Remove Virus Now”. Others prompted users to click for “NEW UNCENSORED PHOTOS OF KIM KARDASHIAN.”

Once the malware infected a phone, it sent data about the device back to a central server, and sometimes hid the app’s icon on the phone screen to make the infected game harder to delete, Check Point found.

While the games were not explicitly marketed at children, young users might have been more likely to play them or fall for the phishing campaigns inside.

In multiple cases, the apps appeared to be modeled on popular games of similar names. Malware-infected games like “Paw Puppy Run Subway Surf,” “Blockcraft 3D,” and “Temple Bandicoot Jungle Run” were knockoffs of hugely popular games like “Subway Surfers,” “Minecraft,” and “Temple Run”. A child looking to download the popular game “PlayerUnknown's Battlegrounds” could have easily downloaded the infected “Players Unknown Battle Ground” by mistake.

Other infected games had titles that mashed up the names of other popular apps, in an apparent bid to show up high in search results, leading to buzzword-heavy titles like “Fidget Spinner For Minecraft” and “Drawing Lessons Subway Surfers”.

In stilted English, the game “Paw Puppy Run Subway Surf” attempted to convince users it was a legitimate and popular app among American children.

“This smash-hit Paw Puppy Run Subway Surf, is so famous between children and kids in united states of america, brazil and mexico,” the now-deleted app’s description read.

The game was one of several malware-infected apps produced by the developer Roxan Apps. Roxan disappeared from the web completely after Google disabled their account last week. But the company did swift business while it was active. Starting in late 2017, Roxan produced three infected games, which were downloaded between 610,000 and 1,550,000 times, Google Play data shows.

As many as 1,000,000 of those downloads were for Roxan’s most popular app, “Mcqueen Car Racing Game.” A cached version of the game’s permissions requirements reveals that, in order to play, a user needed to surrender personal information about their device.

“This permission allows the app to determine the phone number and device IDs,” the permission description read.

The permission, which young users likely overlooked, may have cost users money and privacy. Check Point found that AdultSwine was collecting users’ phone numbers and using them to sign up for paid services.

But before they flooded users with porn and scraped their phone numbers, the creepy apps seemed like innocent games.

“Our Paw Puppy Subway Patrol has been alert with the danger of enemy that will destroy the animals,” the game’s description read. “VERY suitable for COOL KIDS, CHILDREN, BOYS AND GIRLS from all AGES !!!”