Whenever you purchase an application you never think it could possibly be infected with all kind of crap. I mean, if someone would try to get some malware on as many phones as possible, he or she would use a free app that many people would download, right? Wrong. Security researchers have recently discovered three different malware versions which were posing as Nintendo emulators. What's even funnier is that all the infected apps required the users to pay in order to download and install them.
Cong Zheng and Zhi Xu, two security researchers from Palo Alto Networks, found the malware which is named Gunpowder masquerading as applications which allow you to play Nintendo games on your Android device. The malicious code is a data-stealing tool which is capable of collecting the victim's bookmarks and browser history. Gunpowder spreads itself by sending fraudulent SMS messages from the infected phones and also opens other malicious programs. What's really curios is that this strain of the malware does not send it via SMS to other people if it infects a device from China.
According to the researchers, Gunpowder has managed to stay hidden this long because it is packaged with an adware library called Airpush. Antivirus applications would notice the Airpush adware, but since they didn't flag it as dangerous, they would allow it to run its code. “The malware samples successfully use these advertisement libraries to hide malicious behaviors from detection by antivirus engines,” they wrote. “While antivirus engines may flag Gunpowder as being adware, by not flagging it as being overtly malicious, most engines will not prevent Gunpowder from executing.”
If you are curious about how much the app that the malware was masquerading as costs, I'll tell you. A life-long subscription to the emulator would cost the user $20 USD while for a monthly subscription the customers had to pay $0.49. The malware has been spotted in a large number of countries like Brazil, Spain, Italy, Mexico, South Africa, Indonesia, India, Thailand, Russia, Saudi Arabia, France and the U.S.
Source: Android Headlines