The malicious software uncovered pornographic ads and attempted to trick users into buying added services, according to Check Point.
“We’ve eliminated the apps from Play, disabled the developers’ accounts, and will remain to show strong warnings to anyone that has installed them,” a Google spokesperson said.
Dubbed “AdultSwine”, the malware hides inside play apps that Google Play data says have been downloaded 3 to 7 million times, Check Point said in blog post on Friday.
The apps weren’t part of the group collection, which is based on a plan to help parents discover age-appropriate content on the Play Store.
The company explained that the inappropriate ads within the apps were not Google ads.
The malware also attempted to trick users into installing fake security apps, and could open the opportunity for other attacks such as theft of user credentials, Check Point said.
It said games and apps aimed at children were a new target for cybercriminals that targeted hospitals, businesses, and governments in the past.
“The most shocking portion of this malware is its ability to cause obscene ads (from the attacker’s library) to pop up without advising on the screen over the legitimate game app being displayed,” it said.
The games included “Paw Puppy Run Subway Surf”, “Shin Hero Boy Adventure Game,” “Drawing Lessons Lego Ninjago,” and “Addon Sponge Bob for MCPE”.
Check Point said it anticipated AdultSwine and similar malware to be repeated and duplicated by hackers, warning users to be extra vigilant when installing apps.