Trojan Hiding in Games

Researchers at Dr. Web discovered over 60 games on the Google Play store that were infected with the Android.Xiny.19.origin Trojan.

Once a device is infected, the Trojan collects the IMEI identifier, MAC address, version and current language of the operating system, and mobile network operator name.

The researchers’ post reads: “The main threat of Android.Xiny.19.origin lies in its capability to download and dynamically run arbitrary apk files upon cyber-criminals’ command.”

The post mentions that the malware can download a set of exploits from the server to gain root access to the device, for covert installation or deletion of applications. The Trojan has been hidden in images using steganography.

“Unlike cryptography that is used for encryption of source information, which may arouse suspicion, steganography is applied to hide information covertly.”

More than 30 developers, including Conexagon Studio, Fun Color Games and BILLAPPS, have distributed the infected games. The games can be played, but the Trojan works in the background while they run.

Downloading applications to a device that has no antivirus software is not recommended.

How the malicious applications made it past Google’s screening process is not clear, but the malicious software has still not been removed.

Scan your device if you suspect you may have installed any of these games.

Source: Akati
