Researchers have recently found a malware program embedded in Google Play. The program avoided detection by Google’s automated scanning system by masquerading as a different game every day.
The Trojan, Android.Dropdialer, sends incredibly costly text messages to premium-rate phone numbers. Until recently, the Trojan was confined to just European countries. The malware went undiscovered for nearly two weeks while it hid in games. The two main games – Super Mario Bros. and GTA 3 – Moscow City – drew some 100,000 downloads in the past thirteen days.
“What is most interesting about this Trojan is the fact that the threat managed to stay on Google Play for such a long time, clocking up some serious download figures before being discovered,” Symantec researcher Irfan Asrar wrote. “Our suspicion is that this was probably due to the remote payload employed by this Trojan.”
The game applications were delivered as two separate files. One file contained the game, and while the game was being played, a second, hidden file was downloaded and used to send the pricey text messages.
Google Bouncer, Google’s automated application scanner that is designed to prevent situations like these, is now considered flawed by its makers. Up until now, Bouncer would scan applications and games looking for discrepancies in the code. In addition, it would look for suspicious behaviors and more obvious malware and phishing software. In late June, Duo Security employees demonstrated a weakness in Bouncer that allowed them to infiltrate Google Play with benign-looking malware that performed malicious activities once downloaded. The recently found Android.Dropdialer exploited a similar loophole.
Google has yet to comment on the matter.