Run, Jump, Shoot, Infect: Trojanized Games Invade Google Play

  /     /     /  
Publicated : 22/11/2024   Category : security


Run, Jump, Shoot, Infect: Trojanized Games Invade Google Play


ESET Researchers find Trojan Mapin bundled with games that look like popular titles such as Plants vs. Zombies and Candy Crush.



A newly discovered mobile sneak attack has taken aim at casual gaming fans with a ploy to repackage mobile Trojans with games on Google Play that look like popular titles: Plants vs. zombies, Candy crush, Jewel crush, and Super Maria Adventure, are among some of these malicious apps. While theyve now been taken off the Google Play store, these Trojanized apps were there for a year-and-a-half and remain proliferated in third-party app stores.
Introduced to Google Play as early as 2013, the Trojanized apps silently drop another app called
systemdata
or
resourcea
with permission from the user -- by masquerading as a request to install a Manage Settings app. Its real identity is a Trojan called Android/Mapin, which runs thereafter on the infected device in the background as a service.
[By 2020 there will be 25 billion Internet of Things devices...all full of vulnerabilities. What can we do to solve the problem now? Dont miss
the next episode of Dark Reading Radio, Fixing IoT Security,
this Wednesday, Sep. 23 at 1 p.m. Eastern Time.]
This piece of malware is a backdoor Trojan designed to put infected devices under the thumb of a botmaster. Interestingly, with Trojanized apps growing in popularity, the creator of Mapin built in the means of flying under the radar of gamers who might be suspicious of their new apps.
The Trojan sets timers that delay the execution of the malicious payload. This is to make it less obvious that the trojanised game is responsible for the suspicious behavior, explains Lukáš Štefanko, malware researcher at ESET. In some variants of this infiltration, at least three days must elapse before the malware achieves full Trojan functionality.
ESET researchers believe this delay probably is what also made it possible to evade Googles Bouncer malware prevention system. Mapin contains functionalities to push notifications, download, install, and launch apps and get access to private information on the device. Its primary reason for existence, though, seems to be displaying full-screen ads on the infected device.
It can enable or disable interstitial or banner ads, change the publisher ID for displayed ads, choose whether or not to display ads to the user, change the delay time between ads being shown, install, download and launch applications, push notifications, revoke device admin rights, change the server with which the malware communicates, and create shortcuts on the home screen to URLs that install downloaded applications, explains Štefanko.
According to ESET, Mapins rise is a good lesson in only trusting applications from well-known and respected publishers.

Last News

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Run, Jump, Shoot, Infect: Trojanized Games Invade Google Play