Just another day with just another Android malware targeting unsuspecting users on Google Play Store. This time, the IT security researchers at Russian cybersecurity company Dr.Web have discovered a dangerous Android malware hidden in several gaming apps on Play store stealing personal data from users by conducting phishing attacks.
Just Another Android Malware
Dubbed Android.RemoteCode.127.origin by researchers, the malware was found in 27 games that were downloaded more than 4,500,000. Upon infecting an Android device, the malware secretly opens malicious websites and automatically clicks on its content including banners and links by downloading a script from the C&C (command and control) server the purpose of which is to generate revenue through advertisements and links.
Furthermore, the malware uses its capability to drop additional Trojan modules which perform a number of malicious attacks including opening phishing windows and stealing login credential of victims, spams their device with advertisements and downloads other malicious apps without the knowledge or permission of victims.
“It covertly downloads and launches additional modules that perform various malicious actions. For example, they simulate user actions by covertly opening websites and clicking on their items,” said Dr.Web in their blog post.
Google Did Not Remove The Infected Apps
Dr.Web’s blog post was published on January 16th, 2017. The cybersecurity firm informed Google about the presence of malware-infected apps on PlayStore however at the time of publishing this article, Google did not remove any of the apps. Therefore, if you are an Android user, here is a list of the apps and make sure to delete them in case you have downloaded any of them on your device.