It’s no secret that mobile games are designed to be addictive. Unfortunately, this can be to our disadvantage. It’s all too easy to get carried away in the midst of a competitive game, often resulting in our putting security concerns on the back burner.
Just this week, new malware was found hiding in 60 Android games in the Google Play store, putting countless devices at risk of hijacking. Researchers identified the threat as Android.Xiny.19.origin, and it allowed hackers to steal sensitive information and control the behavior of users’ phones.
While people were busy tilting their phones in a virtual motorcycle race, this malware was operating in the background. It displayed unwanted advertisements and prompted users to install various software, then sending device data to a remote server.
While the exact motivation for the attacks remains unclear, it appears the crooks responsible were playing their own type of game. And what’s worse, they were able to get around Google Play’s safeguards using advanced tactics to bypass detection.
Now traditionally, any device hijacking happens through the insertion of malicious computer code into an application. However, this instance involved a technique known as image file steganography. These rogue games demonstrated Trojan-like functionality, allowing them to download malicious code through in-app images. Simply put: instead of hiding malware, the perpetrators disguised the malware to look like image files—which is how they were able to get past Google’s safety checks.
Despite this incident with Google Play, users do have equal responsibility in protecting against malicious attacks. While Android.Xiny.19.origin was a special instance, the majority of infections from apps are simply the result of downloads from third party marketplaces. It turns out the appeal of mobile games, whether involving laying with virtual cats or arranging colored blocks, is hard to resist. No surprise there.
So, how can you download, and play, mobile app games responsibly and securely?
- Stay away from third party app stores. Since Google Play is where most Android users shop for mobile games, it’s also where most legitimate developers want to release their apps. If a game is listed elsewhere, be suspicious, and think twice before downloading.
- Research games before downloading. It only takes a couple minutes to research the name of a mobile game or developer. In today’s fast-paced, digital world, people upload information on the Internet faster than you can beat Level 1. Simple preventative measures, like doing your app research, can go a long way for your security.
- Use a reliable, mobile security solution. Installing a comprehensive security solution like McAfee Mobile Security can keep your device secure from hackers’ malicious ploys—whether you’re on team iOS or Android.
Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.