Trojan ‘Infects Dozens Of Google Play Games’

Researchers have discovered dozens of games on Google’s Play online shop infected with a Trojan horse capable of running malicious code on a user’s Android device.

More than 60 games on Google Play, under the names of more than 30 game developers, contain the Android.Xiny.19.origin Trojan, according to researchers at IT security firm Dr Web.

The games appear legitimate and function like real games, while installing malicious code in the background, the firm said. The games are listed under the names of developers including Conexagon Studio, Fun Color Games and BILLAPPS, Dr Web said.

Dr Web said it had notified Google but that as of late last week some of the malicious games were still available on Google Play.

“Doctor Web security researchers would like to warn users against installing dubious applications even if they are published on Google Play,” Dr Web said in an advisory.

Upon installation, the Trojan sends details on the infected Android device’s hardware, network and operating system to a command server, including whether a memory card is accessible and the name and location of the app carrying the Trojan.

The Trojan can then download and run malicious APK files of the attackers’ choice, potentially allowing them to take over the system, Dr Web said.

Malicious code hidden in images

In an unusual twist, the malicious APK files are hidden inside image files, according to the researchers.

“The virus makers presumably decided to complicate the detection procedure expecting that security analysts would not pay attention to benign images,” Dr Web stated.

Upon receiving an image, the Trojan retrieves a hidden APK file using a special algorithm and then executes it, Dr Web said.
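Dr Web does not describe the extraction algorithm, so the following triage check is an added example, not code from Dr Web or from the article. It assumes the simplest carrier case only: a PNG with bytes appended after its IEND end marker or with ZIP/APK signatures stored in the clear. It will not detect data encoded in pixel values. All function names and sample bytes are constructed for illustration.

```python
import struct
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
ZIP_SIGS = {b"PK\x03\x04": "zip local file header",
            b"PK\x05\x06": "zip end of central directory"}

def _chunk(ctype: bytes, body: bytes) -> bytes:
    # PNG chunk layout: length, type, data, CRC32 over type + data
    return (struct.pack(">I", len(body)) + ctype + body
            + struct.pack(">I", zlib.crc32(ctype + body)))

def make_sample_png() -> bytes:
    # Constructed sample: a minimal 1x1 8-bit grayscale PNG
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return (PNG_MAGIC + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat)
            + _chunk(b"IEND", b""))

def triage_png(data: bytes) -> dict:
    """Walk the PNG chunks and report content an image viewer ignores."""
    report = {"valid_png": False, "trailing_bytes": 0,
              "bad_crc_chunks": [], "zip_signatures": []}
    if not data.startswith(PNG_MAGIC):
        return report
    pos, end_of_image = len(PNG_MAGIC), None
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body_end = pos + 8 + length
        if body_end + 4 > len(data):
            break  # truncated chunk: stop, file is not a complete PNG
        crc = struct.unpack(">I", data[body_end:body_end + 4])[0]
        if zlib.crc32(data[pos + 4:body_end]) != crc:
            report["bad_crc_chunks"].append(ctype.decode("latin-1"))
        pos = body_end + 4
        if ctype == b"IEND":
            end_of_image = pos
            break
    if end_of_image is not None:
        report["valid_png"] = True
        report["trailing_bytes"] = len(data) - end_of_image
    for sig, name in ZIP_SIGS.items():
        off = data.find(sig)
        if off != -1:
            report["zip_signatures"].append((off, name))
    return report

if __name__ == "__main__":
    clean = make_sample_png()
    # Constructed carrier: signature bytes plus a placeholder, not an archive
    print(triage_png(clean))
    print(triage_png(clean + b"PK\x03\x04" + b"constructed-placeholder"))
```

A non-zero trailing_bytes count or any ZIP signature in an image downloaded by an app is a reason to pull the file for closer analysis, not proof of a payload.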

While the Trojan currently operates without administrator privileges, the code it downloads could include exploits to gain full control of a system, according to researchers.

The Trojan also displays advertisements, they said.

Google Play has frequently been infiltrated by malicious code hidden in games.

Google said last month it had removed 13 games from the online shop that contained malicious code similar to the Brain Test apps removed in September.

Up to 1 million Android users were affected by the malware, Google said at the time.

In November security researchers said they had found more than 20,000 popular Android applications on third-party app stores that were repackaged with malware that installs non-removable advertising tools. The ad tools were installed in such a way that affected users could be obliged to replace their device.

Matthew Broersma

Matt Broersma is a long-standing tech freelancer who has worked for Ziff-Davis, ZDNet and other leading publications.