Dozens of game apps in the Google Play Store have been found to be infected with a Trojan called Android.Xiny.19.origin, according to researchers. The malware is designed to download, install and run programs on receiving commands from hackers.
According to security researchers at Doctor Web, Android.Xiny infected more than 60 games. Although the company did not name the apps, it says the games were distributed in the Store by over 30 developers, such as Conexagon Studio, Fun Color Games and BILLAPPS.
The infected apps look very much like the original ones. The Trojan starts its malicious activity when the user starts playing a game. Android.Xiny sends information from the infected device to the command and control server, including its IMEI identifier and MAC address, the version and current language of the operating system and the mobile network operator's name. The hackers even get access to information about the memory card. The Trojan can download and run arbitrary apk files upon receiving commands from the server.
Malware hides using steganography
The author of the malware hides the malicious program in specially created images by using steganography, a method used to hide information covertly. After receiving an image from the server, Android.Xiny retrieves a hidden apk through a special algorithm and then executes it.
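As an added illustration (not code from Doctor Web or from this article), the Python sketch below shows a defender-side check that flags a PNG image carrying APK-like archive data. The article does not describe Xiny's extraction algorithm, so the check is an assumption limited to the simplest embeddings, an archive stored in an ancillary chunk or appended after the IEND chunk, and it will not detect data encoded in the pixel values; all function names and sample data are hypothetical.

```python
import io, struct, zipfile, zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
APK_MARKERS = {"AndroidManifest.xml", "classes.dex"}  # entries a typical APK carries

def png_chunks(data):  # yields (type, body, end_offset); validates length and CRC
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        body = data[pos + 8:end - 4]
        if end > len(data) or data[end - 4:end] != struct.pack(">I", zlib.crc32(ctype + body)):
            raise ValueError("truncated chunk or bad CRC")
        yield ctype, body, end
        if ctype == b"IEND":
            return
        pos = end
    raise ValueError("missing IEND")

def looks_like_apk(blob):
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return APK_MARKERS <= set(zf.namelist())
    except zipfile.BadZipFile:
        return False

def inspect_png(data):
    """Return findings for APK-like data in ancillary chunks or after IEND."""
    findings, end = [], 0
    for ctype, body, end in png_chunks(data):
        if ctype[0] & 0x20 and looks_like_apk(body):  # lowercase first letter = ancillary
            findings.append("apk-in-chunk:" + ctype.decode("latin-1"))
    trailing = data[end:]
    if trailing:
        findings.append("apk-after-IEND" if looks_like_apk(trailing) else "trailing-bytes:%d" % len(trailing))
    return findings

def make_chunk(ctype, body):  # helper for the constructed samples below
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def sample_png(extra=b""):  # constructed 1x1 greyscale PNG; extra goes after IEND
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    return (PNG_SIG + make_chunk(b"IHDR", ihdr) + make_chunk(b"IDAT", zlib.compress(b"\x00\x00"))
            + make_chunk(b"IEND", b"") + extra)

def sample_archive():  # constructed ZIP with placeholder entries, not a real app
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in sorted(APK_MARKERS):
            zf.writestr(name, b"placeholder")
    return buf.getvalue()
```

A finding of trailing-bytes alone is weaker evidence than an APK match, since some tools append harmless metadata after IEND.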
The malware can perform several malicious functions. It prompts users to install different software and can even install or delete applications without the user's consent, provided root access is available. Although it is yet to gain root privileges, it can install software and download exploits from its server to gain root access.
Doctor Web claims to have already notified Google about this. Users are advised not to download any games from the Store to their Android devices without anti-virus protection.
This is the second malware attack on the Play Store in a month. Earlier in January, cybersecurity firm Lookout spotted the Brain Test malware that affected 13 Android apps. After being made aware of this, Google promptly removed the malicious apps from its app ecosystem.