Malware in Games;47 Games have hidden Trojan

Malware in Games.Through research carried out by Avast, all 47 games that were part of this attack were found to contain code that violated Google Play’s spam and advertising policies . The vast majority had been published under different developer profiles so as not to arouse suspicion, and had been present in the Google Play Store since the beginning of May.

According to the researchers, to carry out this attack campaign, the games would have been published on Google Play hiding their true purpose , or by introducing the malicious code through incremental updates that would arrive once users had already installed the games on their devices. From that moment on, intrusive ads that were difficult to remove began to appear , in addition to hiding the application icon and making it difficult to uninstall. In the table below these lines, it is possible to see some of the games infected with malicious code, which were removed from Google Play after the warning by the researchers:

App name downloads
Draw Color by Number 1,000,000
Skate Board – New 1,000,000
Find Hidden Differences 1,000,000
Shoot Master 1,000,000
Spot Hidden Differences 500,000
Dancing Run – Color Ball Run 500,000
Find 5 Differences 500,000
Joy woodworker 500,000
Throw Master 500,000
Throw into Space 500,000
Divide it – Cut & Slice Game 500,000
Tony Shoot – NEW 500,000
Assassin legend 500,000
Stacking Guys 500,000
Save your boy 500,000
Assassin Hunter 2020 500,000
Stealing Run 500,000
Fly Skater 2020 500,000
Disc Go 500,000

By studying the operation of the malware , it was discovered how some of the apps did serve their purpose , giving users the ability to play the first levels . To do this, once the app was installed, a ten-minute counter was started that allowed the user to play during that time before carrying out their malicious tasks. In case of keeping the mobile unlocked, the counter would be reset to allow the user to continue playing and not raise suspicions.

Once the necessary circumstances were in place to allow the game to carry out its true mission, firstly , the main activity of the game was deactivated , eliminating the icon from the application drawer. From that moment on, intrusive ads began to be displayed in full screen, as well as in banners and notifications .

After a first warning, Google was able to remove 30 of the malicious apps from the Google Play Store. Later, the rest of the apps involved in this campaign were eliminated. From Avast, they offer us a sheet with all the games infected by this Trojan.

 

Leave a Comment