Researchers have uncovered a new Android trojan that has targeted dozens of games in the official Google Play Store and which relies on steganography to dynamically run arbitrary APK files.
On Thursday, Russian anti-virus company Dr Web published a blog post about Android.Xiny.19.origin, malware which has incorporated itself into more than 60 Android-based games developed by Conexagon Studio, Fun Color Games, BILLAPPS, and some 30 other companies.
Though Dr Web has notified Google of the Trojan, many of the games remain active on the official Play Store as of this writing.
The infection process begins as soon as the user begins playing the game, as Dr Web’s research team explains:
“Android.Xiny.19.origin sends the following information on the affected device to the server: its IMEI identifier and MAC address, a version and a current language of the operating system, and mobile network operator name. What is more, cybercriminals get information about accessibility of a memory card, name of an application, which the Trojan is incorporated into, and whether this application is in the system folder.”
These capabilities notwithstanding, the trojan derives its true might from the ability to dynamically run arbitrary APK files. Android.Xiny.19.origin receives these malicious programs from seemingly benign image files that computer criminals have modified using steganography. A special algorithm helps the malware retrieve these files. It then loads it into the device’s RAM using the DexClassLoader class.
Besides running APK files, the Trojan can download applications and prompt the user to run malicious software as well as display annoying advertisements.
But it gets worse, explains Dr Web:
“Android.Xiny.19.origin is not yet able to gain root privileges. However, given that the Trojan is mainly designed to install software, it can download a set of exploits from the server in order to gain root access to the device for covert installation or deletion of applications.”
With this threat in mind, all Android users should think carefully before installing any application that might seem dubious.
This advice holds if the app is distributed via the official Google Play Store and especially if it is hosted on a third-party site. Installing an anti-virus solution on your mobile device can help spot unwelcome guests hiding in your new smartphone game.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.