Secondly, the malware attempts to scare you into installing fake security apps, which again may lead to more security problems for your phone because you don't know where these apps come from and may have other malware embedded in them.
Check Point wrote that according to Google Play's data, the apps have been downloaded between three and seven million times. The attacker then chooses what action to take from those mentioned above and then displays it on the owner's device.
A particularly nasty strain of malware - "AdultSwine" - has infected up to 60 apps on Google Play Store, placing pornographic material on them. Google does automated malware scanning of apps submitted to the Play Store, leading to a continual cat-and-mouse game of malicious developers working to beat the filters in various ways.
Such exclusively family-based apps are checked manually by Google for malware and ad content, according to those familiar with the situation, but the AdultSwine code was put out for general release.
As well as throwing up explicit content, AdultSwine also attempted to trick users into downloading other apps, including dodgy "security" apps that, ironically, promised to help protect the device against malicious content.
Displaying ads from the web that are often highly inappropriate and pornographic. If the victim gives the phone number, the malware starts sending premium SMS messages, charging the user. However, Check Point didn't explain how the malicious code found its way inside otherwise-innocuous apps, but it did demonstrate how the attack worked once the game was downloaded. I'm not saying it's easy but perhaps there's a case to be made for more rigourous checking of apps to ensure they only behave as prescribed.
"We have eliminated the programs from Play, disabled the programmers" accounts, and will continue to show strong warnings to anyone that has installed them", a Google spokesperson said on Friday.
The most popular apps were a game called 'Five Nights Survival Craft' which had been downloaded five million times.
Once the malicious app is installed on the device, it waits for a boot to occur or for a user to unlock his screen, upon which it initiates its malicious activity, they said.