AH Virus Malware Piracy Skull Death Samsung logo 1.0

Gunpowder Is Malware That Looks Like A Nintendo Emulator

July 9, 2015 - Written By Diego Macias

Mobile gaming seems to be reaching new peaks as the hardware of mobile devices keep getting more powerful and more capable. Developers can now create games with not only better graphics but also change the gameplay as they can use all the included sensors making users interact with the game in a whole new way. Even Nintendo, who is still committed to mobile gaming with their own portable consoles has announced that some games will be released for mobile platforms created from scratch to take advantage of the possibilities that the new game plays bring. But what about those nostalgic users that would like to play classic Nintendo games in their mobile devices? There are a bunch of emulators that display on-screen buttons recreating the controls of previous consoles so they can play retro games.

Now, it has been reported that some coders might want to take advantage of this group of people and have developed malware that could appear as one of these emulators to play Nintendo games. People at Palo Alto Networks were responsible for finding as much as three variants of the malicious-coded software called Gunpowder, what makes it difficult for antivirus programs to detect it is that it is included into an adware library called Airpush, so these programs won’t flag it as something malicious or prevent its execution as they will categorize it as advertisement packages.

Palo Alto reports that the users that have been affected by the software belong to the following countries: Iraq, Thailand, India, Indonesia, South Africa, Russia, France, Mexico, Brazil, Saudi Arabia, Italy, the U.S. and Spain. The malicious apps might collect data like bookmarks or browsing history, they might send themselves to other contacts as an SMS (except in China) as well as show fraudulent advertisements and execute other code. What’s more, once the app is installed, it will ask users for a certain amount of money to get a license for the emulator and it can be paid by PayPal or Skrill. The software will also be installed if users answer a bunch of surveys and install some apps to get a gift from an ad that looks like a Facebook page. To prevent this, it’s strongly recommended to only install apps from the Google Play Store, as they have been approved to ensure they won’t harm our devices.

gunpoder-100595416-orig