Google deleted 60 kid-themed apps from its Google Play app store after security firm Check Point found that they contained malware that could display pornographic content, trick users into installing fake "security apps," or induce them to sign up for premium SMS services.
Using Google Play store estimates, Check Point found that the 60 games, with titles like "Drawing Lessons Angry Birds," "Temple Crash Jungle Bandicoot" and "Spinner Fidget Toy," had at least 3.5 million downloads and as many as 7 million (the range is so wide because of how Google provides its publicly available download estimates). Check Point dubbed the malware "AdultSwine," and soon after the security firm alerted Google to the problem, the apps disappeared from the Play store.
"We have a good working relationship with Google's security team," Daniel Padon, a Check Point researcher, tells CNBC.
However, even after Google deleted the apps from Play, the malware will continue to live on in people's phones until they get rid of it.
"We've removed the apps from Play, disabled the developers' accounts, and will continue to show strong warnings to anyone that has installed them," a Google spokesperson says. "We appreciate Check Point's work to help keep users safe."
Once a person downloaded one of the infected apps, pop-ups would either alert them that they had a virus and direct them to a fake security app, convince them to enter their phone number through a contest to win an iPhone, or show them pornographic content. The latter is particularly disturbing considering that most of these infected apps were games or drawing tutorials intended to entice kids.
Although the apps would likely be most appealing to kids, Google says that they wouldn't have appeared in what Play calls its Designed for Families section, where it recommends safe, appropriate ads for children. However, the search giant did come under fire earlier this year when YouTube, its video site, allowed disturbing videos to infiltrate its official feeds for children.
Although Google actively scans the Play store for malicious code, policing its vast, ever-evolving catalog of apps is a challenge.
The company is "struggling to keep certain malware outside the App store" because some nasty code can only be detected by dynamically analyzing the context of an app's actions, which is hard to do, a Check Point researcher explains.
"'AdultSwine' and other similar malware will likely be continually repeated and imitated by hackers," Check Point says. "Users should be extra vigilant when installing apps, particularly those intended for use by children."