{"id":14326,"date":"2018-01-15T09:41:10","date_gmt":"2018-01-15T14:41:10","guid":{"rendered":"http:\/\/www.thundercloud.net\/infoave\/new\/?p=14326"},"modified":"2018-01-15T09:41:10","modified_gmt":"2018-01-15T14:41:10","slug":"if-you-have-children-or-grandchildren-read-this","status":"publish","type":"post","link":"https:\/\/www.thundercloud.net\/infoave\/new\/if-you-have-children-or-grandchildren-read-this\/","title":{"rendered":"If You Have Children or Grandchildren Read This"},"content":{"rendered":"<h1>If You Have Children or Grandchildren Read This<\/h1>\n<p>Researchers at Check Point have discovered malware in apps aimed at children which display porn advertisements, encourage installation of fake security software, and steal personal information and credentials.<\/p>\n<p>The apps were available from Google Play and since the report (featured below) was published, Google has removed the apps and the developer&#8217;s account.<\/p>\n<p>If you have children or grandchildren who have smartphones or tablets, please read the article by Check Point.<\/p>\n<div class=\"td-post-header td-container\">\n<div class=\"td-post-featured-image td-image-gradient\">\n<header class=\"td-pb-padding-side\">\n<blockquote>\n<h2 class=\"entry-title\">Malware Displaying Porn Ads Discovered in Game Apps on Google Play<\/h2>\n<div class=\"meta-info\"><span class=\"td-post-date\"><time class=\"entry-date updated td-module-date\" datetime=\"2018-01-12T06:00:02+00:00\">January 12, 2018<\/time><\/span><\/div>\n<\/blockquote>\n<\/header>\n<\/div>\n<\/div>\n<div class=\"td-container\">\n<div class=\"td-container-border\">\n<div class=\"td-pb-row\">\n<div class=\"td-pb-span8 td-main-content\" role=\"main\">\n<div class=\"td-ss-main-content\">\n<div class=\"td-post-content td-pb-padding-side\">\n<blockquote><p>Check Point Researchers have revealed a new and nasty malicious code on Google Play Store that hides itself inside around 60 game apps, several of which are intended to be used by children. According to Google Play\u2019s data, the apps has so far been downloaded between 3 million and 7 million times.<\/p>\n<p><strong>How It Works<\/strong><\/p>\n<p>Dubbed \u2018AdultSwine\u2019, these malicious apps wreak havoc in three possible ways:<\/p>\n<ol>\n<li>Displaying ads from the web that are often highly inappropriate and pornographic.<\/li>\n<li>Attempting to trick users into installing fake \u2018security apps\u2019.<\/li>\n<li>Inducing users to register to premium services at the user\u2019s expense.<\/li>\n<\/ol>\n<p>Apart from these current three main activities, the malicious code can use its infrastructure to broaden its goals to other purposes, such as credential theft.<\/p>\n<p><a href=\"https:\/\/research.checkpoint.com\/wp-content\/uploads\/2018\/01\/diagram-3.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-18334 td-animation-stack-type0-1\" src=\"https:\/\/research.checkpoint.com\/wp-content\/uploads\/2018\/01\/diagram-3.jpg\" alt=\"\" width=\"715\" height=\"461\" \/><\/a><\/p>\n<p><em><strong>Figure 1:<\/strong>\u00a0AdultSwine operation flow<\/em><\/p>\n<p>Once the malicious app is installed on the device, it waits for a boot to occur or for a user to unlock his screen, upon which it initiates its malicious activity.<\/p>\n<p><strong>Illegitimate and Inappropriate Ads<\/strong><\/p>\n<p>First, the malicious code contacts its Command and Control server (C&amp;C) to report the successful installation, sends data about the infected device and then receives the configurations, which determine its course of operation. These configurations instruct it on whether to hide its icon (to encumber removal), which ads to display, over which apps and on what terms. It is interesting to note that the server however forbids ads to be displayed over certain apps such as browsers and social networks, in order to avoid suspicion&#8230;<\/p><\/blockquote>\n<p><a><u>Please read the rest of the article by Check Point which contains more information about the malware as well as a list of the names of the apps that delivered the malware.<\/u><\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>If You Have Children or Grandchildren Read This Researchers at Check Point have discovered malware in apps aimed at children which display porn advertisements, encourage installation of fake security software, and steal personal information and credentials. The apps were available from Google Play and since the report (featured below) was published, Google has removed the apps and the\u2026 <span class=\"read-more\"><a href=\"https:\/\/www.thundercloud.net\/infoave\/new\/if-you-have-children-or-grandchildren-read-this\/\">Read More &raquo;<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":13950,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1655,101,1426,1680,1656,1654,1674],"tags":[1676,2106,138,2105,14],"_links":{"self":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/14326"}],"collection":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/comments?post=14326"}],"version-history":[{"count":1,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/14326\/revisions"}],"predecessor-version":[{"id":14327,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/14326\/revisions\/14327"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/media\/13950"}],"wp:attachment":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/media?parent=14326"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/categories?post=14326"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/tags?post=14326"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}