- ‘Penis fish’ memes erupt after worms wash up on California coast Friday 5:58 PM
- Why Britons are tweeting ‘Little England’ in wake of the U.K. election Friday 3:22 PM
- Net neutrality advocates ask for rehearing on federal court decision Friday 2:29 PM
- Americans are sharing their #PrivateHealthLIFEhacks to help Brits Friday 2:28 PM
- Warren, Sanders, Yang pledge to skip next week’s debate over union dispute Friday 2:12 PM
- How to watch tonight’s Nets vs. Raptors matchup on NBA TV Friday 2:00 PM
- Alt-right comedian Owen Benjamin banned from Instagram over anti-Semitic memes Friday 1:55 PM
- TikTok teens are procrastinating with #FinalsWeek Friday 1:46 PM
- ‘The Mandalorian’ takes on a prison break in episode 6 Friday 1:30 PM
- Nick Cannon vs. Eminem battle expected to escalate after ‘off-limits’ daughter diss Friday 12:50 PM
- Laura Loomer vehemently denies being author of new Laura Loomer-themed action novel Friday 12:30 PM
- PewDiePie’s poop-inspired game gets banned by Apple Friday 11:29 AM
- ‘Game of Thrones’ showrunners to adapt ‘Lovecraft’ graphic novel to screen Friday 11:00 AM
- The 50 memes that defined the decade Friday 10:45 AM
- Venmo users are getting harassed with fraudulent payment requests Friday 10:38 AM
A sneaky Android virus infected apps in the Google Play Store and third-party markets
Infected apps included fakes of popular games like Candy Crush.
Some of Android‘s most popular games have been tainted by a virus installed in fake versions of the games that lets hackers take control of victims’ phones and add them to a botnet, according to new research from the Slovakian security firm ESET.
Infected games posing as Candy Crush, Temple Run, and Plants vs. Zombies 2 are among those on the Google Play Store that were affected by the Mapin virus from the end of 2013 until the end of 2014. The fake version of Plants vs. Zombies 2 alone was downloaded tens of thousands of times over the course of a year while it was infected, after which it was finally pulled from the store.
The fact that Mapin made it onto Google’s official app store means that it fooled Google’s security software, Bouncer, for nearly a year and a half.
Mapin also hit third-party Android software markets, affecting more than a dozen apps there in the last two years. Many of these apps are still available outside of the official Google Play Store.
Nearly 75 percent of infections have hit India, according to the researchers.
The Mapin trojan takes a patient and clever attack route by waiting a full 24 hours before executing, so that the infected games don’t seem responsible for problematic behavior.
Instead, the user is led to believe that the phone itself asking to install new software called Google Play Update or Manage Settings—authoritative names for nefarious tools.
“The average user will be convinced that this is some important update and at some point is likely to install it just to get rid of this notification,” the researchers told the Daily Dot.
After successfully installing itself, the trojan demands administrative privileges from the user so that it can’t be removed. By then, Mapin has connected back to a command-and-control server through which the hackers can pull the strings.
To add insult to injury, the trojan serves advertisements to the user, interrupting every action with full-screen commercials.
To help protect yourself against threats like this, ESET researchers recommend sticking to trustworthy developers and reading app permission requests closely when installing new software. If a request stands out as unjustifiable, something might be wrong.
Clarification: The apps being attacked by the Android/Mapin Trojan are not the actual popular arcade games, but rather fake versions of those apps that are also available in Google Play as well as third-party stores.
Screengrab via Palo Alto Networks/Google Play
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.