Several Malware games discovered in Google play store that have been downloaded around 4.5 Million Android users and these malicious games helps to steal various sensitive data from infected users mobile.
Several Modules are identified that has performed Different malicious activities also each module has different unique capabilities.
There are 27 Android gaming apps were listed On this malware module with all the famous gaming category.
The Malware also using steganography method to inject malicious script into the Images file and send it to users to get infected.
How does This Android Malware Games Works
A Module called Android.RemoteCode.127.origin will helps to SDK which is basically used for developers communication but further indication reveals that it has some unique capabilities to steal sensitive information and send it to the remote server.
Once it’s Connected to remote servers it has a link to download additional module called Android.RemoteCode.126.origin.
This New Malicious program download by the Previous module and loaded into victims android mobile and this malicious program is completely obfuscated.
A class called DexClassLoader is helping to launch this module, once it’s launched, its established a connection with C&C Server where it will download an image that contains an encrypted trojan file.
Once it launched then it downloads another image from the C&C server. This image also contains an encrypted Trojan (Android.Click.221.origin).
According to Dr.Web Researchers, The Trojan provides the script with the possibility to perform various actions on a webpage, including simulating clicks on indicated items. Thus, if the Trojan’s task includes following links and advertisements, cybercriminals profit from inflating website traffic stats and clicking on banners.
Infected Program and Application packages
|Program name||Application package name||Version|
|Era of Arcania||com.games37.eoa||2.2.5|
|Clash of Civilizations||com.tapenjoy.warx||0.11.1|
|Sword and Magic||com.UE.JYMF&hl||1.0.0|
|خاتم التنين – Dragon Ring (For Egypt)||com.reedgame.ljeg||1.0.0|
|樂舞 – 超人氣3D戀愛跳舞手遊||com.baplay.love||1.0.2|
|Kıyamet Kombat Arena||com.esportshooting.fps.thekillbox.tr||1.1.4|
|Never Find Me – 8v8 real-time casual game||com.gemstone.neverfindme||1.0.12|
|King of Warship: National Hero||com.herogames.gplay.kowglo||1.5.0|
|King of Warship:Sail and Shoot||com.herogames.gplay.kowsea||1.5.0|
|Sword and Magic||com.linecorp.LGSAMTH||Depends on a device model|
|Gumballs & Dungeons：Roguelike RPG Dungeon crawler||com.qc.mgden.android||0.41.171020.09-1.8.6|
|Warship Rising – 10 vs 10 Real-Time Esport Battle||com.sixwaves.warshiprising||1.0.8|
|Thủy Chiến – 12 Vs 12||com.vtcmobile.thuychien||1.2.0|
|頂上三国 – 本格RPGバトル||com.yileweb.mgcsgja.android||1.0.5|
All the Malware Games have been informed Google about the detection of the Trojan component in the indicated applications. However, at the moment this news article was posted, they were still available for download. It is recommended that owners of Android smartphones and tablets delete installed games that were installed. Dr.Web said.