Trojan ‘Infects Dozens Of Google Play Games’


Researchers found the Android.Xiny.19.origin Trojan in more than 60 games distributed on Google’s Play online shop

Researchers have discovered dozens of games on Google’s Play online shop infected with a Trojan horse capable of running malicious code on a user’s Android device.

More than 60 games on Google Play, under the names of more than 30 game developers, contain the Android.Xiny.19.origin Trojan, according to researchers at IT security firm Dr Web.


The games appear legitimate and function like real games, while installing malicious code in the background, the firm said. The games are listed under the names of developers including Conexagon Studio, Fun Color Games and BILLAPPS, Dr Web said.

Dr Web said it had notified Google but that as of late last week some of the malicious games were still available on Google Play.

“Doctor Web security researchers would like to warn users against installing dubious applications even if they are published on Google Play,” Dr Web said in an advisory.

Upon installation, the Trojan sends details on the infected Android device’s hardware, network and operating system to a command server, including whether a memory card is accessible and the name and location of the app carrying the Trojan.

The Trojan can then download and run malicious APK files of the attackers’ choice, potentially allowing them to take over the system, Dr Web said.

Malicious code hidden in images

In an unusual twist, the malicious APK files are hidden inside of image files, according to the researchers.

“The virus makers presumably decided to complicate the detection procedure expecting that security analysts would not pay attention to benign images,” Dr Web stated.

Upon receiving an image, the Trojan retrieves a hidden APK file using a special algorithm and then executes it, Dr Web said.

While the Trojan currently operates without administrator privileges, the code it downloads could include exploits to gain full control of a system, according to researchers.

The Trojan also displays advertisements, they said.

Google Play has frequently been infiltrated by malicious code hidden in games.

Google said last month it had removed 13 games from the online shop that contained malicious code similar to the Brain Test apps removed in September.

Up to 1 million Android users were affected by the malware, Google said at the time.

In November security researchers said they had found more than 20,000 popular Android applications on third-party app stores that were repackaged with malware that installs non-removable advertising tools. The ad tools were installed in such a way that affected users could be obliged to replace their device.

Are you a security pro? Try our quiz!