Plants vs Zombies, Candy Crush and Super Hero Adventure are just some of the titles that attackers used to distribute malware, according to the security firm ESET.
The malware was uploaded to Google Play between 24 and 30 November 2013 and 22 November 2014. The Trojans were eventually removed from the store, but almost a year and a half passed before they were detected, ESET said.
“Perhaps because of this and other similar cases, Google announced that from March 2015, all applications and updates must go through a human review,” the company stressed.
Android users in India are currently the most affected, with 73.58% of observed detections.
This Trojan was able to sneak into Google Play and several alternative Android markets through the following games: Plants vs Zombies, Plants vs Zombies 2, Metro Suffers, Traffic Racer, Temple Run 2 Zombies, Super Hero Adventure, Candy Crush, Jewel Crush and Racing Rivals, among others.
ESET found that the games also installed an application: despite looking like a normal game, each contains an additional element with unusual features, packaged in another application called SystemData or resourceA.
The packaged application is dropped onto the device without the user noticing, but it needs to ask the user for permission before it can be activated. It therefore requests permission to install, pretending to be the Manage Settings application or a Google Play update. After installation, it runs as a background service.
ESET detects the games that install this Trojan as Android/TrojanDropper.Mapin and the Trojan itself as Android/Mapin.
The malware is able to take control of user devices and make them part of a botnet (network of zombie computers) under the attacker’s control.
Android/Mapin also has a feature that makes detection more difficult: it works with a timer that delays the execution of the malicious component, so that victims do not suspect that the game is what infected the device.
“Some variants of Android/Mapin take a minimum of three days to achieve full functionality of the Trojan. This may be one reason why the TrojanDownloader was able to evade Google's malware prevention system,” said Lukáš Stefanko, Malware Researcher at ESET.
The best practices for avoiding malware downloads from the official Google store are to download applications only from trusted developers and to read the comments of people who are already using them. Users should also consider whether the permissions an application requests at installation are justified.