Security researchers from Symantec has revealed two new trojan game apps in Google play. These apps are titles as as “Super Mario Bros.” and “GTA 3 Moscow City”. These apps were posted on Google Play Store on 24th June and received more than 50,000 downloads.
It is really strange that this trojan stayed for such a long time in Google Play. Researchers says that it may be due to the remote payload employed by this Trojan.
Remote payload is the process to avoid detection. In this method, developer only load 1st component of the app which does not contain any malicious code. When a user installs this app, it prompts user for activation. After getting approval from user, it then install additional package from te remote server called activator.apk. This package is like other android app but needs permission to send SMS.
After this, app sends SMS on premium rates from Beeline or Mobile TeleSystems networks. After sending SMS, it prompts to uninstall itself.
This is a strange malware app and now it has been removed from the Google Play Store. It remains undetectable because it does not have any malicious behaviour in the original app posted on Google Play Store. Developer only need to convince users to install second payload. I do not think this will be a problem since many users click on OK button without thinking anything. They are in hurry to play games.
So Android users are advised to take extra care before downloading any kind of app or game from store. Always see what permission this device needs to access. If devices requires access to send SMS or call, you must think twice before installation. Why a game is requesting to send SMS or call? It is the clear indication of malicious behavior. Trusted sources are also risky, so you need to follow security steps for your security.
