Update: We have received a clarification from ESET, concerning their original report. They have informed us that it were the fake cloned versions of popular games, which were infected with virus and malwares; and loaded into Android OS.
ESET has categorically stated: “We apologize for inconvenience caused by the phrasing to the genuine gaming companies like the King company, producer of Candy Crush Saga and others. At ESET, we are putting in place another review layer for our content, so such misunderstanding does not repeat in the future”
In case any Indian Android user downloaded Plants vs Zombies, Candy Crush or Super Hero Adventure from Google Playstore between November 24-30, 2013 and on November 22, 2014; then there is upto 74% chance that their Android OS has been infected with a virus.
This new, scary fact was revealed by ESet, which is an IT security firm based in Bratislava, Slovak Republic. As per their analysis and research, ESet discovered that hackers were able to install backdoor Trojan virus, malwares and other deadly ingredients directly into the ignorant victim’s smartphone using the official Google Playstore platform.
These viruses has the capability to take control of the users’ phone, and include them as part of an illegal botnet which is under the hacker’s control.
The arcade games which were shrewdly installed on Android smartphones have been found with files named Android/TrojanDropper.Mapin; and the actual Trojan has been installed as Android/Mapin.
How Did This Discovery Happened?
Security analysts at ESet found that some of the popular games downloaded from Google Playstore came bundled with suspicious looking files such as “systemdata” and “resourcea”.
Now, the most interesting part: these files are not automatically installed, but ask the users to install it separately. Using some official sounding name like “Manage Setting” app, the attackers were able to convince thousands of Android users to themselves install Trojan in their smartphones.
The Modus Operandi
Once the virus is installed, it quietly works in the background, without disturbing the user in playing the games.
Acting intelligently, these viruses get activated after 3 days, so that there is no doubt from the end-user. Using complex codes to trigger timers, these viruses work behind the scene, taking control of the infected device, and including the Android OS to work under a criminal botnet, spread globally. It is not yet clear, which illegal activities this botnet was part of, but the possibilities are endless.
Once the full control is being snatched, the virus commands the device to communicate with C&C server, display full screen advertisements on the mobile and work for the illegal botnet.
Considering that Android apps are empowered to send push notifications, access users’ private details and automatically install updates, there are actually several threatening activities which could have been performed, or is being currently performed, without any knowledge of the owner of that device.
Why Google Failed To Detect The Virus?
Google has a program called ‘Bouncer Malware Protection System’, which failed completely to detect the virus when it was available for download on Google Playstore. As per the ESet, this happened because the virus gets activated after 3 days as there are timers included within the ‘bundle’.
These malwares were uploaded on Google Playstore between November 24 to November 30, 2013 and on November 22, 2014. The games which were affected are:
- Hill climb racing the game
- Plants vs zombies 2
- Subway suffers
- Traffic Racer
- Temple Run 2 Zombies
- Super Hero Adventure
Apps such as System optimizer, Zombie Tsunami, tom cat talk, Super Hero adventure, Classic brick game were uploaded by the same publisher (PRStudio) on different Android markets on the same dates, which were again downloaded thousands of times.
These virus infected games were available on Google Playstore for more than a year; and were eventually removed after March, 2015, when Google started manual checking of all uploaded apps.
The report suggests that the best way to avoid such instances, is to ensure that only those apps are downloaded which have been created by reputed developers and companies.
And, having an anti-virus for your smartphone is now not a luxury, but a necessity.
More details about this virus attack and the details about it’s operations can be found here.
"Clones of Candy Crush & Other Popular Games Have Infected Android Users With Malwares & Trojan Viruses: Report",