Wednesday, January 15, 2025
HomeBackdoorTrojan Embedded Game BlazBlue Downloaded by More than Million Android Users from...

Trojan Embedded Game BlazBlue Downloaded by More than Million Android Users from PlayStore

Published on

Security experts from Dr.Web found malicious trojan embedded with popular game BlazBlue and it has been downloaded by Millions of users.

Malicious application dubbed as Android.DownLoader.558.origin as a part of special SDK package named Excelliance. Excelliance is designed to Automate the updates of Android applications.

In contrast with the standard update procedure, when an old version of an application is entirely replaced with a new one, the SDK indicated above allows needed components to be loaded separately without reinstalling the entire software package.Excelliance operates as a loader Trojan because it can download and run unchecked application components. This update process violates Google Play store rules because it is dangerous. says Dr.Web

Also Read Dangerous banking Trojan Steal Banking Credentials

Execution Flow

Once victim launches the Game that embedded with trojan it extracts resources and decrypts that and from there, after that, every time when a user connects to internet Trojan executes itself even though the game no longer launched.

The Trojan connects to C&C server to download all its dependencies and additional components it also downloads separate APK, DEX and ELF files and these files can be launched without user intention.

While installing the APK it shows a dialog box, if it has root access to phone it can process the installation silently. By having complete control over the device attacker can execute whatever commands they can do. They can install any third party applications, advertising modules are any other.

Security experts from Dr.web reported the behavior of Trojan component in SDK to Google and Android.DownLoader.558.origin is still available in play store.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Google’s “Sign in with Google” Flaw Exposes Millions of Users’ Details

A critical flaw in Google's "Sign in with Google" authentication system has left millions...

Hackers Attacking Internet Connected Fortinet Firewalls Using Zero-Day Vulnerability

A widespread campaign targeting Fortinet FortiGate firewall devices with exposed management interfaces on the...

Critical macOS Vulnerability Lets Hackers to Bypass Apple’s System Integrity Protection

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that allowed attackers to bypass...

CISA Released A Free Guide to Enhance OT Product Security

To address rising cyber threats targeting critical infrastructure, the U.S. Cybersecurity and Infrastructure Security...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

QSC: Multi-Plugin Malware Framework Installs Backdoor on Windows

The QSC Loader service DLL named "loader.dll" leverages two distinct methods to obtain the...

Stealthy Steganography Backdoor Attacks Target Android Apps

BARWM, a novel backdoor attack approach for real-world deep learning (DL) models deployed on...

SMOKEDHAM Backdoor Mimic As Legitimate Tools Leveraging Google Drive & Dropbox

UNC2465, a financially motivated threat actor, leverages the SMOKEDHAM backdoor to gain initial access...