Google Pulls Faux Game Apps

Tuesday, January 16, 2018 @ 09:01 AM gHale

Google removed over 60 game apps from Google Play, as they were found to have inappropriate code that attempted to trick users into installing fake security apps or into signing up for paid premium services.

Check Point researchers first found the apps and they named the threat “AdultSwine.”

The threat posed as different game apps – “Drawing Lessons Angry Birds,” “Temple Crash Jungle Bandicoot,” “Draw Kawaii,” the researchers said in a post. The apps have so far been downloaded between 3 million and 7 million times, according to Google Play’s data.

“First, the malicious code contacts its Command and Control server (C&C) to report the successful installation, sends data about the infected device and then receives the configurations, which determine its course of operation,” the researchers said. “These configurations instruct it on whether to hide its icon (to encumber removal), which ads to display, over which apps and on what terms.”

“It is interesting to note that the server, however, forbids ads to be displayed over certain apps such as browsers and social networks, in order to avoid suspicion. As for the ads being displayed, they come from two main sources; the first is that of the main ad providers, which forbid such illegitimate display of their ads. The second is the malicious code’s own ad library, which contains ads of an offensive nature, including pornographic ads. All these are displayed to children while playing the game that the app is masquerading as.”

In addition, the app would show fake virus warnings and push users to install “Goldeness Browser” to remove the threat. (The app does nothing of the kind, and has been suspended from Google Play for using inappropriate marketing tactics to drive installs.)

The third technique applied by the AdultSwine apps concentrated on getting users to sign up for premium services, by offering users an iPhone if they answer several questions and enter their phone number.

After the researchers notified Google of their discovery, the company pulled the apps from Google Play, disabled the developers’ accounts, and will continue to show strong warnings to any users that still have the apps installed.

“Although for now this malicious app seems to be a nasty nuisance, and most certainly damaging on both an emotional and financial level, it nevertheless also has a potentially much wider range of malicious activities that it can pursue, all relying on the same common concept,” the researchers said.

“The malicious code simply receives a target link from its Command and Control server and displays it to the user,” the researchers said. “While in some cases this link is merely an advertisement, it could also lead to whatever social engineering scheme the hacker has in mind.”
