Demonstrating the increasingly clever and cunning lengths to which cyber criminals will stretch in order to get their malware into user systems, a new Android malware has appeared that disguises itself as a Nintendo game.
Third party app stores
The app has appeared on third party app stores and looks just like a classic Nintendo game. It is based on an open-source Nintendo Entertainment System emulator – basically an app that runs classic Nintendo games on mobile – and has been named Gunpoder. Those behind the malware took the original emulator and added payments, advertising and a feature that promotes the game via a user’s contact list. The malware looks and behaves like advertising software but is actually stealing personal information, such as bookmarks, contacts, location and information about the device.
The programme that collects this information is called Airpush and clicking ‘ok’ to the app terms and conditions gives it permission to start harvesting. The purpose of the data collection is to allow profiles to be built of users who can then be targeting with other malicious campaigns in future. In addition to accepting the terms and conditions, users are asked to purchase a ‘lifelong licence’ for $0.45. Agreeing to this also allows the app to collect the user’s payment information, which can then be retained or sold on.
Undetectable by antivirus
The main advantage of this approach for cyber criminals is that the use of Airpush means that this piece of malware can avoid being detected by antivirus software, which doesn’t block adware. The malware is also proving highly effective at spreading, asking users of the app to share it with contacts via SMS and so infecting contacts too. Network monitoring and security consultancy can be important elements in helping to avoid infection by malware for businesses, however, when it comes to apps like this, the simple rule is not to use third party app stores as these allow this kind of deception to take place.