Data breaches and malware have been a major issue for just about every sector of the tech world in recent times, with Android being no exception. Scares like heartbleed and Stagefright ran their course, some still going strong, and scared most users out of third party app sources. At this point, only those who are very brave, very carefree or know very well what they’re doing put their trust in sources aside from the Play Store. Curated and scanned by Google, is as close to a safe haven as one can get in this day and age, but even the Play Store isn’t one hundred percent safe. The most recent phenomenon to hit the Play Store, according to Moscow antivirus vendor Dr. Web, is a method of obscuring malicious code that’s present in at least sixty games found in the Play Store, though none of them were big names.
The obscuring method, called steganography, hides a message or piece of code inside an image. Similar to the fairly well-known secret transmission method of saving a ZIP or RAR archive as an image to be shared covertly, the malicious code was hidden in images used by the games in question rather than the games themselves. Relatively unknown publishers, mostly making knockoff games, were involved. The trojan in question, Android.Xiny.19.origin, is capable of not only installing and running random APK files at the attacker’s beck and call, but also sending them fairly sensitive device information like your device’s IP address, carrier and IMEI address.
The trojan was found mostly on games of a copycat nature from unknown developers like Fun Color Games. Ripoffs of games like Temple Run, Goat Simulator and Contract Killerbwere all used, among others. Although 60 were found and reported, some are still available and there could be more. For the time being, best practice is to use caution, avoid me-too games and use antivirus software of some sort, but there really is no such thing as flawless security. If you’d like to read more, hit up the source link for more info from Dr. Web and a longer list of offending games.