Categories: MobilitySecurity

Trojan ‘Infects Dozens Of Google Play Games’

Researchers have discovered dozens of games on Google’s Play online shop infected with a Trojan horse capable of running malicious code on a user’s Android device.

More than 60 games on Google Play, under the names of more than 30 game developers, contain the Android.Xiny.19.origin Trojan, according to researchers at IT security firm Dr Web.

The games appear legitimate and function like real games, while installing malicious code in the background, the firm said. The games are listed under the names of developers including Conexagon Studio, Fun Color Games and BILLAPPS, Dr Web said.

Dr Web said it had notified Google but that as of late last week some of the malicious games were still available on Google Play.

“Doctor Web security researchers would like to warn users against installing dubious applications even if they are published on Google Play,” Dr Web said in an advisory.

Upon installation, the Trojan sends details on the infected Android device’s hardware, network and operating system to a command server, including whether a memory card is accessible and the name and location of the app carrying the Trojan.

The Trojan can then download and run malicious APK files of the attackers’ choice, potentially allowing them to take over the system, Dr Web said.

Malicious code hidden in images

In an unusual twist, the malicious APK files are hidden inside of image files, according to the researchers.

“The virus makers presumably decided to complicate the detection procedure expecting that security analysts would not pay attention to benign images,” Dr Web stated.

Upon receiving an image, the Trojan retrieves a hidden APK file using a special algorithm and then executes it, Dr Web said.

While the Trojan currently operates without administrator privileges, the code it downloads could include exploits to gain full control of a system, according to researchers.

The Trojan also displays advertisements, they said.

Google Play has frequently been infiltrated by malicious code hidden in games.

Google said last month it had removed 13 games from the online shop that contained malicious code similar to the Brain Test apps removed in September.

Up to 1 million Android users were affected by the malware, Google said at the time.

In November security researchers said they had found more than 20,000 popular Android applications on third-party app stores that were repackaged with malware that installs non-removable advertising tools. The ad tools were installed in such a way that affected users could be obliged to replace their device.

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

TikTok ‘Halts E-Commerce Expansion Plans’

TikTok reportedly scraps plans to expand TikTok Shop livestream commerce in Europe and US after…

8 hours ago

European Parliament Passes Landmark Tech Regulations

European Parliament votes to adopt Digital Markets Act and Digital Services Act, but campaigners warn…

9 hours ago

Indian Economic Police Raid Offices Of Smartphone Maker Vivo

Indian economic crime agency Enforcement Directorate raids dozens of locations across India belonging to China's…

11 hours ago

French Music Service Deezer Slumps On Market Debut

Spotify and Apple Music competitor Deezer falls below opening price after long-delayed IPO in Paris…

11 hours ago

Foxconn Expects Stronger Sales In Spite Of Economic Gloom

iPhone manufacturer Foxconn revises full-year expectations upward amidst strong consumer and data centre demand, bucking…

12 hours ago

Samsung ‘To See Profits Jump’ On Data Centre Demand

Industry analysts expect Samsung's profits to jump 15 percent for the second quarter as strong…

13 hours ago