Google Duo update allows you to call people without the app installed

Kotlin-based Android malware discovered in Google Play Store

Security firm Check Point noticed the problem in over 60 apps; they contained hidden code that can display adult-oriented content, along with fake alerts claiming a virus has infected the device.

If you're interested in reading Check Point's list of affected apps, take a look at its research post for all the details. So far, they've been downloaded between 3 million and 7 million times. Some of the removed games have been downloaded over 1 million times, like Five Nights Survival Craft and McQueen Car Racing Game, based on the Disney Pixar character from the film Cars.

The malware also sought to trick users into installing fake security apps, and could open the door for other attacks such as theft of user credentials, Check Point said.

A security system called Google Play Protect is supposed to defend customers using Google's Android operating system from malicious codes by scanning apps for malware.

"Should the user press the notification of "Remove Virus Now" he is redirected to an app in the Google Play Store with a somewhat questionable connection to virus removal", said the researchers in an analysis.

One father complained to Google that the software had exposed his four-year-old son to "a bunch of thilthy (sic) hardcore porn pictures".

"We've removed the apps from Play, disabled the developers' accounts, and will continue to show strong warnings to anyone that has installed them", Google said in an emailed statement.

The inappropriate ads being displayed come from two main sources, Check Point said: mainstream ad providers and the malicious code's own ad library (where the porn ads stem from).

None of the affected apps were part of Google's "Family Link" program, which is the category of recognised kid-friendly apps available across Google's platforms. Then there were some ads that tried to trick the user into giving up their phone number by telling them that they had won a prize.

In some cases, the malware would also prompt users to register for premium services - meaning charges would be applied.

"We advise parents to verify that apps used by their children are categorized as 'Designed for Families" on Google Play'.

Related news: