Friday, June 21, 2024

Several Malware Games Downloaded by 4,500,000 Android Users From Google Play Store

Several Malware games discovered in Google play store that have been downloaded around 4.5 Million Android users and these malicious games helps to steal various sensitive data from infected users mobile.

Several Modules are identified that has performed Different malicious activities also each module has different unique capabilities.

There are 27 Android gaming apps were listed On this malware module with all the famous gaming category.

The Malware also using steganography method to inject malicious script into the Images file and send it to users to get infected.

Also ReadGhostTeam – Android Malware Stealing Your Facebook Credentials

How does This Android Malware Games Works

A Module called Android.RemoteCode.127.origin will helps to SDK which is basically used for developers communication but further indication reveals that it has some unique capabilities to steal sensitive information and send it to the remote server.

Once it’s Connected to remote servers it has a link to download additional module called  Android.RemoteCode.126.origin.

This New Malicious program download by the Previous module and loaded into victims android mobile and this malicious program is completely obfuscated.

Clip View

A class called DexClassLoader is helping to launch this module, once it’s launched, its established a connection with C&C Server where it will download an image that contains an encrypted trojan file.

Once it launched then it downloads another image from the C&C server. This image also contains an encrypted Trojan (Android.Click.221.origin).

This new Malicious Program will download the javascript file that performs various actions with a loaded page, including simulation of a user clicking on different items, such as links and banners.

According to Dr.Web Researchers, The Trojan provides the script with the possibility to perform various actions on a webpage, including simulating clicks on indicated items. Thus, if the Trojan’s task includes following links and advertisements, cybercriminals profit from inflating website traffic stats and clicking on banners.

Infected Program and Application packages

Program nameApplication package nameVersion
Hero Missioncom.dodjoy.yxsm.global1.8
Era of Arcaniacom.games37.eoa2.2.5
Clash of Civilizationscom.tapenjoy.warx0.11.1
Sword and Magiccom.UE.JYMF&hl1.0.0
خاتم التنين – Dragon Ring (For Egypt)com.reedgame.ljeg1.0.0
perang pahlawancom.baiduyn.indonesiamyth1.1400.2.0
樂舞 – 超人氣3D戀愛跳舞手遊com.baplay.love1.0.2
Fleet Glorycom.entertainment.mfgen.android1.5.1
Kıyamet Kombat Arenacom.esportshooting.fps.thekillbox.tr1.1.4
Love Dancecom.fitfun.cubizone.love1.1.2
Never Find Me – 8v8 real-time casual gamecom.gemstone.neverfindme1.0.12
King of Warship: National Herocom.herogames.gplay.kowglo1.5.0
King of Warship:Sail and Shootcom.herogames.gplay.kowsea1.5.0
Royal flushcom.jiahe.jian.hjths2.0.0.2
Sword and Magiccom.linecorp.LGSAMTHDepends on a device model
Gumballs & Dungeons:Roguelike RPG Dungeon crawlercom.qc.mgden.android0.41.171020.09-1.8.6
Warship Rising – 10 vs 10 Real-Time Esport Battlecom.sixwaves.warshiprising1.0.8
Thủy Chiến – 12 Vs 12com.vtcmobile.thuychien1.2.0
頂上三国 – 本格RPGバトルcom.yileweb.mgcsgja.android1.0.5
Star Legendscom.dr.xjlh11.0.6

All the Malware Games have been informed Google about the detection of the Trojan component in the indicated applications. However, at the moment this news article was posted, they were still available for download. It is recommended that owners of Android smartphones and tablets delete installed games that were installed. Dr.Web said.


Latest articles

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the "Facebook" module (pkfacebook) from for...

Beware Of Illegal OTT Platforms That Exposes Sensitive Personal Information

A recent rise in data breaches from illegal Chinese OTT platforms exposes that user...

Beware Of Zergeca Botnet with Advanced Scanning & Persistence Features

A new botnet named Zergeca has emerged, showcasing advanced capabilities that set it apart...

Mailcow Mail Server Vulnerability Let Attackers Execute Remote Code

Two critical vulnerabilities (CVE-2024-31204 and CVE-2024-30270) affecting Mailcow versions before 2024-04 allow attackers to...

Hackers Attacking Vaults, Buckets, And Secrets To Steal Data

Hackers target vaults, buckets, and secrets to access some of the most classified and...

Hackers Weaponizing Windows Shortcut Files for Phishing

LNK files, a shortcut file type in Windows OS, provide easy access to programs,...

New Highly Evasive SquidLoader Attacking Employees Mimic As Word Document

Researchers discovered a new malware loader named SquidLoader targeting Chinese organizations, which arrives as...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles