Android Games Can Be Trojanized by Hiding Malicious Code inside Images

Google’s Play Store is flooded with gaming applications. But a new vulnerability has been discovered that allows attackers to hide malicious code inside games available on the Play Store, using nothing more than images. More than 60 games have been identified with this Trojan-like vulnerability.

Malicious Code Can Be Used To Steal Sensitive Information

According to the latest information from Dr. Web, over 60 Android games featured on the Play Store possess Trojan-like abilities that download and execute malicious code hidden inside images.

Doctor Web security researchers detected the Android.Xiny.19.origin Trojan, which targeted dozens of games published on the Google Play store. The Trojan is designed to download, install, and run programs upon receiving a command from cybercriminals. It can also display annoying advertisements.

These sophisticated, malware-infested games are still lurking around, and their creators have many ways to steal valuable information from anyone who downloads one of these apps. For example, they can steal the following information:

  • Phone’s unique IMEI
  • Phone’s unique IMSI
  • MAC address
  • Mobile operator
  • Country
  • Language settings
  • Operating system versions

The Trojan was incorporated into more than 60 games that were then distributed via Google Play under the names of more than 30 game developers, including Conexagon Studio, Fun Color Games, BILLAPPS, and many others. Although Doctor Web has already informed Google about this incident, the affected applications are still available on Google Play.

A year ago, two researchers demonstrated how attackers could use images on the Play Store to compromise users’ mobile devices. The current malware creators, it seems, have adopted their research while designing the Android.Xiny.19.origin exploit. The exploit can also provide detailed instructions to either install or delete apps silently if root access has been enabled on the device. While this does sound dangerous, it is hoped that Google will patch this vulnerability as soon as possible with either an update to Play Store Services or a firmware update.