The malicious program could be a cryptocurrency miner or adware
The Android mobile operating system is one of the most widely used in the world, so multiple threat actors see it as a potentially profitable attack target. In recent days, Lukas Stefanko, a cybersecurity and digital forensics specialist, disclosed the discovery of malware hosted in 13 car-racing-themed game apps available on Google’s Play Store.
The worst part of this issue is that these apps have been installed by about half a million users (560k, to be more precise). Stefanko reported the apps, which were developed by Luiz or Pinto, in a Twitter thread. Once installed, the apps hid their icons to deceive users, forcing them to install another app, which drastically reduces the performance of the affected device.
The digital forensics researcher believes that the drop in device performance could be caused by the stealthy installation of cryptocurrency mining malware, which slows smartphones down by using their processing capacity to mine digital assets. Stefanko has not been able to confirm what type of malware is being distributed through these Android games, because there is also the possibility that it is adware, which floods devices with advertising to generate illegal revenue, taking advantage of the lack of caution among Android users.
According to information from the malware analysis website VirusTotal, at least fifteen of the leading antivirus scan firms have found a functional Android Trojan in these apps. According to reports from digital forensics specialists at the International Institute of Cyber Security, the Trojan in question is called “HEUR:Trojan.Androidos.Piom.Yqm” and uses advertising as its main method of generating profits.
“The malware uses different methods to show Android users as many ads as possible, even by installing adware. These Trojans can get root privileges to hide in the system folder, which makes them difficult to eradicate,” the analysis managers mentioned.
Stefanko reported the malicious apps to the Google teams in charge of the Play Store last Monday. However, this is a new failure by the company in its mission to protect its users against any type of malware on its official platforms. The cybersecurity and digital forensics community has long warned Google users about the possible risks of downloading third-party apps, but it now seems that precautions are also necessary for apps hosted in the Play Store.
If you want to download an app for Android, be sure to check the comments and reviews that other users have left about it, as this can serve as a fundamental prevention measure.
It is also recommended to keep your device updated and to run antimalware scans regularly; multiple options are available on the official software platforms, such as the Play Store.