Dr. Web has discovered 60 Android games on Google's official Play Store that contain a malicious trojan named Android.Xiny. The games were published by 30 different developers, but according to the description from Dr. Web's security staff they were all packed the same way and behaved the same way.
For any user who downloaded these games, the trojan collected their personal information and sent it to a remote command and control (C&C) server.
Android.Xiny can also show ads and download other malicious apps. The information collected from the device includes:
- IMEI and IMSI identifiers
- Country and language settings
- Mobile operator information
- Phone’s MAC address
- OS version
- What type of memory card the device was using
It is also difficult to determine which app the trojan was using to collect all this information.
One unusual thing Dr. Web's researchers noted about this campaign was the use of steganography for downloading malicious apps. Steganography is a way to hide data in plain sight, usually inside images. The technique dates back to ancient Greece, when people wrote secret messages on wood and covered them with beeswax so that the recipient could discover them by removing the layer of wax.
Currently, Dr. Web says that Google has failed to take down the apps it reported as infected with Android.Xiny.