It seems as if every day we have another report of a malware threat invading the Android ecosystem. Unfortunately, today is no different. The folks over at Symantec identified new malware that made it into the Google Play store. The threat was disguised as two popular gaming titles, “Super Mario Bros.” and “GTA 3 Moscow City”. Both were added to the Google Play store on June 24th, and it’s estimated that they were downloaded approximately 50,000 – 100,000 times.
The malware spent a bit of time in the Play store before being identified, which accounts for the volume of downloads reported. Symantec surmises that this was due to a remote payload technique employed by this type of Trojan. The approach allows the creator of the malicious app to break it into separate, staged payloads to avoid detection during the automated QA screening process. In the case of this malware app, the first stage was the app posted on Google Play. Once downloaded and installed, it would then download an additional package, hosted on Dropbox, called ‘Activator.apk’.
This additional package sends SMS messages to a premium-rate mobile number. It then prompts the user to uninstall itself after sending out the SMS messages. Apparently, this is an attempt at hiding the true intent of the malicious app. The premium SMS number is said to be targeted somewhere in Eastern Europe.
Upon Symantec notifying the Android Security team, the malware threat was immediately revoked and removed from the Google Play store. If you believe you were impacted by this Trojan, I would suggest immediate removal of the app from your device.
We can never be too careful with our devices, even when we do everything in our power to use trusted sources to secure our apps. In this case it would have been difficult for the average user to detect. Nevertheless, I can’t stress enough how important it is to use reputable app stores such as Google Play and Amazon to download apps. In addition, be sure to read those permissions before initiating a download. They are important and many users pay no mind to them until it’s too late.
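To make the permissions advice concrete, here is an added example (not from Symantec or the apps themselves) that reviews the permissions declared in a decoded AndroidManifest.xml. Both manifests are constructed samples, and the permissions the real apps requested are not stated in the report; the verdict rules are this example's own assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SEND_SMS = "android.permission.SEND_SMS"
INTERNET = "android.permission.INTERNET"
STORAGE = "android.permission.WRITE_EXTERNAL_STORAGE"

# Reviewer notes are this example's wording, not Android's official descriptions.
RISKY = {
    SEND_SMS: "can send SMS, including to premium-rate numbers",
    INTERNET: "can fetch additional packages from a remote host",
    STORAGE: "can save a downloaded APK to shared storage",
}

MANIFEST = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="%s">%s</manifest>'
PERM = '<uses-permission android:name="%s"/>'

# Constructed sample: a game-like first stage with ordinary-looking permissions.
SAMPLE_FIRST_STAGE = MANIFEST % ("com.example.game", "".join(
    PERM % p for p in (INTERNET, STORAGE, "android.permission.VIBRATE")))
# Constructed sample: a second-stage package that asks to send SMS.
SAMPLE_SECOND_STAGE = MANIFEST % ("com.example.activator", PERM % SEND_SMS)


def requested_permissions(manifest_xml):
    """Return the sorted, de-duplicated permission names a manifest declares."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return sorted({n for n in names if n})


def review(manifest_xml):
    """Return (verdict, findings) for one manifest.

    'block'  : requests SEND_SMS, which a game has no obvious need for
    'review' : can download and store files, so it could stage a second package
    'ok'     : neither pattern present
    """
    perms = requested_permissions(manifest_xml)
    findings = [(p, RISKY[p]) for p in perms if p in RISKY]
    if SEND_SMS in perms:
        return "block", findings
    if INTERNET in perms and STORAGE in perms:
        return "review", findings
    return "ok", findings


if __name__ == "__main__":
    for label, xml in (("first stage", SAMPLE_FIRST_STAGE), ("second stage", SAMPLE_SECOND_STAGE)):
        print(label, *review(xml))
```

The first-stage sample only reaches "review" because internet and storage access are common in legitimate games, which is why a staged download is hard to spot from the store listing alone.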