Android Users, Beware: 60 Games in Google Play Deemed Malicious

By on

It’s no secret that mobile games are designed to be addictive. Unfortunately, this can be to our disadvantage. It’s all too easy to get carried away in the midst of a competitive game, often resulting in our putting security concerns on the back burner.

Just this week, new malware was found hiding in 60 Android games in the Google Play store, putting countless devices at risk of hijacking. Researchers identified the threat as Android.Xiny.19.origin, and it allowed hackers to steal sensitive information and control the behavior of users’ phones.

While people were busy tilting their phones in a virtual motorcycle race, this malware was operating in the background. It displayed unwanted advertisements and prompted users to install various software, then sending device data to a remote server.

While the exact motivation for the attacks remains unclear, it appears the crooks responsible were playing their own type of game. And what’s worse, they were able to get around Google Play’s safeguards using advanced tactics to bypass detection.

Now traditionally, any device hijacking happens through the insertion of malicious computer code into an application. However, this instance involved a technique known as image file steganography. These rogue games demonstrated Trojan-like functionality, allowing them to download malicious code through in-app images. Simply put: instead of hiding malware, the perpetrators disguised the malware to look like image files—which is how they were able to get past Google’s safety checks.

Despite this incident with Google Play, users do have equal responsibility in protecting against malicious attacks. While Android.Xiny.19.origin was a special instance, the majority of infections from apps are simply the result of downloads from third party marketplaces. It turns out the appeal of mobile games, whether involving laying with virtual cats or arranging colored blocks, is hard to resist. No surprise there.

So, how can you download, and play, mobile app games responsibly and securely?

  • Stay away from third party app stores. Since Google Play is where most Android users shop for mobile games, it’s also where most legitimate developers want to release their apps. If a game is listed elsewhere, be suspicious, and think twice before downloading.
  • Research games before downloading. It only takes a couple minutes to research the name of a mobile game or developer. In today’s fast-paced, digital world, people upload information on the Internet faster than you can beat Level 1. Simple preventative measures, like doing your app research, can go a long way for your security.
  • Use a reliable, mobile security solution. Installing a comprehensive security solution like McAfee Mobile Security can keep your device secure from hackers’ malicious ploys—whether you’re on team iOS or Android.



Categories: Consumer Threat Notices
Tags: , ,

Leave a Comment

Similar articles

Many of us use Bluetooth technology for its convenience and sharing capabilities. Whether you’re using wireless headphones or quickly Airdropping photos to your friend, Bluetooth has a variety of benefits that users take advantage of every day. But like many other technologies, Bluetooth isn’t immune to cyberattacks. According to Ars Technica, researchers have recently discovered ...
Read Blog
A new banking trojan has emerged and is going after users’ Android devices. Dubbed Cerberus, this remote access trojan allows a distant attacker to take over an infected Android device, giving the attacker the ability to conduct overlay attacks, gain SMS control, and harvest the victim's contact list. What's more, the author of the Cerberus ...
Read Blog
5G has been nearly a decade in the making but has really dominated the mobile conversation in the last year or so. This isn’t surprising considering the potential benefits this new type of network will provide to organizations and users alike. However, just like with any new technological advancement, there are a lot of questions ...
Read Blog