Antivirus software solutions provider ESET published a post reporting that its researchers uncovered a trojan hidden in a number of games available on Android markets, especially the Google Play store. This ad-serving trojan was found in many popular games and has been around for approximately 18 months so far. As indicated in the ESET post on Tuesday, applications packaged with the Android/Mapin trojan have been around since 2013.
Even though Google uses a fairly effective system known as Google Bouncer to vet apps before featuring them on Google Play, it doesn't seem to have worked this time. In an email sent on Tuesday, Lukas Stefanko, one of the researchers at ESET, said that this most likely occurred because of certain built-in mechanisms in the app that execute the malicious function after a delay. Very often the delay was one day, although this varied according to the app and went as far as three days in some instances. In all cases studied by ESET, the malware was activated when users completed installation of a Google Play Update or used a Manage Settings application.
Not at all surprisingly, the apps that contain this piece of malware are actually games that work. As a matter of fact, these apps are made to look like popular games such as Candy Crush, Super Hero Adventure and Plants vs. Zombies. It is very clear that large numbers of people have downloaded the games without being aware of the aggressive malware they contained.
While the trojan in question has only been used to push advertisements in an aggressive manner, it is potentially very dangerous because it asks for device administrator rights. ESET points out that this particular malware might have been irritating and not exactly dangerous, but this can be a major problem in other instances. There is a distinct possibility that the trojan is not yet fully developed and was intended for serious malicious use at a later date.
It is a well-known fact that Android/Mapin contains a number of functionalities that enable it to collect private information about the user of the infected device. Most interestingly, a vast majority of the Android/Mapin trojan infections, a whopping 73.58% of all cases detected, were in India.
Stefanko also said that most users are not able to uninstall apps easily if these apps have active device administrator rights. In fact, it is not possible to uninstall these apps from the application manager. The best way to deal with the threat is to start by deactivating the administrator rights. Users should visit Settings, then Device administrator, and then Google Play Update/Manage Settings, in that order. Deactivate should then be selected.
The infection rate of mobiles is 0.75% so far this year, but Android has been experiencing a lot of problems with malware. Google Play has responded by pulling the infected games. Google is also getting all apps and updates reviewed by humans as of March 2015 in order to avoid another occurrence such as this one.