In addition, the malware tried to get users to install fake security apps, themselves often ridden with malware, or register for a premium service using their phone number.
Researchers have found a batch of over 60 malware-carrying apps in Google's Play Store created to rob mobile users or show them pornography, all with a kid-friendly theme. Check Point has published a full list of the names of the 63 malicious apps.
Dubbed "AdultSwine", the malware hides inside game apps that Google Play data says have been downloaded 3 to 7 million times, Check Point said in a blog post on Friday.
After Check Point informed Google about the malware, the tech giant worked with the security firm and deleted the apps right away, Check Point said. All of these are displayed to children on a rotating basis while they play the infected games. Many users left reviews on the Google Play Store for some of the apps.
One father complained to Google that the software had exposed his four-year-old son to "a bunch of thilthy (sic) hardcore porn pictures".
Such exclusively family-based apps are checked manually by Google for malware and ad content, according to those familiar with the situation, but the AdultSwine code was put out for general release.
The malware also sought to trick users into installing fake security apps, and could open the door for other attacks such as theft of user credentials, Check Point said.
The inappropriate ads being displayed come from two main sources, Check Point said: mainstream ad providers and the malicious code's own ad library (where the porn ads stem from).
Google does have a safety feature called Google Play Protect, which checks apps when you download them and periodically scans your device for harmful apps to remove them. If the user clicks through, the malicious code eventually asks him to enter his phone number to receive the "prize", which, of course, is a ploy. The malware was also meant to get users to buy worthless premium services, the researchers found.