Over the past few years, the Android mobile platform has been a favorite target for hackers. While there are certainly malicious apps and infections created to target Apple users, the current threat environment shows that Android device owners face far more dangerous activity.
According to a Pulse Secure study released in June 2015, the vast majority of mobile malware targets the Android operating system. Researchers examined over 2.5 million mobile apps and found that 97 percent of the mobile infections they discovered were focused on Android. Last year, there were more than 1,200 families of Android malware, a considerable increase from the 464 uncovered in 2013 and the 1,030 found in 2012.
"Android applications continue to offer the lowest barrier to entry among all mobile device platforms currently available," the authors of the report stated, according to SC Magazine.
Unfortunately for Android users, the hits just keep coming. Trend Micro reported at the beginning of October that two new malicious games had been discovered in the Google Play store, both with the ability to root Android devices. This is by no means the first time this has happened, but it is the newest threat in a long line of infections targeting Android.
Two new malicious games discovered
Trend Micro researchers Wish Wu and Ecular Xu discovered the two published games in the Google Play store. The malicious ability to root victims' devices was camouflaged by games and quizzes.
"If the apps Brain Test and RetroTetris ring a bell, better check your devices," Wu and Xu advised.
As of Oct. 8, both of these apps had been removed from Google Play, but a significant number of downloads took place before this time.
In the case of RetroTetris, the malware authors counted on the popularity and cachet of the classic Tetris shape-puzzle game. The app was first made available in late August and, in addition to Google Play, was also found in third-party app stores including Appszoom, WanDouJia, YingYongBao and 360 Market. Researchers estimate that anywhere from 500 to 1,000 Android users downloaded the game, most of whom reside in China.
"The app runs a malicious code to send commands to the startRootRunScript function of the RootGenius SDK (software development kit)," Wu and Xu explained. "This SDK helps the app download exploits from the Internet, depending on the Android version and other details. These exploits allow the app to gain root privileges on the device."
In addition, Wu and Xu discovered a website that they suspect is connected to the game. The site also hosts tools for rooting Android devices, one of which was strikingly similar to the code in the app. The presence of this code led the researchers to connect the site and the app, and to suspect that the groups running the two have some kind of relationship with one another.
The other malicious game discovered, Brain Test, was published to the app store on August 8 and later updated to a version that included the Qihoo Android Packer.
"Brain Test poses as a game that tests one's mental abilities, including checking your 'left brain' versus your 'right brain' and playing mental activities in a minute," Wu and Xu wrote. "Sound challenging? This was the hook that the app creators used when they first published the game on Google Play…"
The app has been removed by Google and republished by its creators several times so far. Google first removed it on Aug. 26, but it was published again on Sept. 10 using a different package name and a protective packer. Google removed it again on Sept. 16, prompting the creators to change the app name and package name once more. Google caught this and took it out of the app store again on Sept. 24.
Not only will this malicious game root the device, it can also download other infected apps. This enables nearly any malicious code to be executed on victims' devices. Most infected users live in India, the Philippines, Indonesia, Russia and Taiwan. However, Wu and Xu estimate that the number of victims has surpassed the 10,000 mark, and the infection is still active on many devices.
As with RetroTetris, the researchers were able to uncover the website Brain Test communicates with in order to carry out its malicious activities. Through further investigation, Wu and Xu found that 385 other malware samples also communicate with the same site.
These are by no means the first malicious games discovered, and they surely won't be the last. In recent years, hackers have taken quite a liking to masking their activities with entertaining apps, making this a growing threat.
However, there are ways users can protect themselves. First and foremost, it's critical to exercise prudence in app stores.
"Android device users should take precautions when downloading apps from various sources, including the Google Play and third-party app stores," Wu and Xu advised.
Checking an app's download count and user reviews can help device owners spot suspicious apps before installing them.
It can also be considerably beneficial to have a protection solution on the device, particularly if it is used for both personal and work purposes. Trend Micro Mobile Security can block the types of rooting routines used by these specific infections. The software uses a mobile app reputation service to identify apps that seek to steal data, blocking them before they are able to carry out their malicious activities.
Trend Micro also offers other security solutions specifically for Android devices, helping to bolster mobile protection.