Android malware pushes Kim Kardashian porn pop-up to children's gaming apps

Malicious code that displays pornographic advertising on Android applications, including several intended for use by children, has been found lurking in 60 gaming apps on Google Play.

Cybersecurity experts from Check Point said in a report on Friday (12 January) that the infected pieces of software had been downloaded between three and seven million times.

Dubbed 'AdultSwine', the code not only uses porn ads to help generate monetised clicks, but also tries to scare users into installing fake security services and dupe victims into letting the app send premium texts – which are then charged to the user's account.

The developers of the code created it to "move laterally" within the device which, according to Check Point's blog post, could lead to passwords being compromised.

One pop-up presented to victims displayed an image of Kim Kardashian posing in bed, promising viewers "new leaked pictures" if they clicked a "subscribe" button.

Another was spotted claiming that the phone had been "infected with viruses" that would "corrupt the sim card". In that instance, the button was titled with a seductive: "Remove virus now".

"'AdultSwine' is a particularly insidious malware able to cause emotional distress and financial fraud. It also has a much wider range of malicious activities it could potentially pursue," Check Point said.

"The malware simply receives a target link from its command and control (C&C) server and displays it to the user," the researchers continued. "While in some cases this link is merely an advertisement, it could also lead to whatever social engineering scheme the hacker has in mind.

"It's insidious as it originates in apps downloaded from trusted sources such as Google Play."

After being informed, Google removed the software from its official marketplace. Some of the gaming apps were named San Andreas City Craft, Addon Sponge Bob for MCPE, McQueen Car Racing Game and Subway Banana Run Surf. Each had a minimum of 100,000 downloads.

Google said it will show "strong warnings" to users who still have the dodgy software installed.