The ads can also appear outside the app.
Google has removed 60 games from the Play Store after security firm Check Point Research informed the search giant that the apps hid malicious code that would, in some circumstances, display pornographic ads. A Google spokesperson told the Financial Times, "We've removed the apps from Play, disabled the developers' accounts, and will continue to show strong warnings to anyone that has installed them". Then there were some ads that tried to trick the user into giving up their phone number by telling them that they had won a prize.
Dupe the user into allowing the app to send premium SMS messages at the victim's expense.
When the malicious code is installed onto your phone, it waits for the user to unlock the device to start the malicious activity.
Such exclusively family-based apps are checked manually by Google for malware and ad content, according to those familiar with the situation, but the AdultSwine code was put out for general release.
The country's biggest lender SBI's official "SBI Anywhere Personal" app is also on the malware's radar.
It might, for example, show an ad claiming "the user is entitled to win an iPhone by simply answering four short questions", Check Point explained.
The full list of infected apps can be found on Check Point's website.
In some cases, the malware would also prompt users to register for premium services - meaning charges would be applied.
Once downloaded, the malicious apps displayed "highly pornographic" pop-up advertisements in a new web page, and attempted to scare users into installing fake security apps.
"Due to the pervasive use of mobile apps, "AdultSwine" and other similar malware will likely be continually repeated and imitated by hackers".