ESET finds popular game titles such as Plants vs Zombies, Candy Crush or Super Hero adventure are being used to deliver backdoor Trojan directly onto Android devices via the official Google Play Store.
ESET labs detected arcade games that install the Trojan as Android/TrojanDropper.Mapin and the Trojan itself as Android/Mapin. This malware is capable of taking control of the victim’s device and make it part of a botnet under attacker’s control. Moreover, Android/Mapin has one addition that makes the detection more complicated – a timer that delays the execution of the malicious payload so victims won’t suspect a game infected their device.
„Some variants of Android/Mapin take a minimum of three days to achieve full Trojan functionality. It may also be one of the reasons why the TrojanDownloader was able to evade Google’s Bouncer malware prevention system,“ said Lukas Stefanko, Malware Researcher at ESET.
The backdoor Trojan was able to sneak in Google Play and several alternative Android markets multiple times mimicking one of the following popular games: Plants vs Zombies, Plants vs Zombies 2, Subway Surfers, Traffic Racer, Temple Run 2 Zombies, Super Hero Adventure, Candy Crush, Jewel Crush, Racing Rivals and others. The Trojan pretends to be a Google Play Update or an application named Manage Settings.
„Interestingly, not all of its functionality has been fully implemented. There is a possibility that this threat is still under development and the Trojan may be improved in the future,“ concludes Stefanko.