Popular Game Malware Affecting More than 1 Million Android Users



Do you love playing games on your Android tablet and smartphone? Well, the innocent games you play, could be a route to bring some notorious malware to your devices. The researchers of security firm ESET have recently revealed that games Cowboy Adventure and Jump Chess have compromised the login information of about 1 million users.

This Thursday, in a post, ESET detailed how Cowboy Adventure was able to steal the private information of the users. This game was available on Google’s official store Google Play and now it has been removed. Once again, this raises a question mark over Google’s faulty app screening process that allows malicious apps to be hosted on Google Play. Such type of malware is more deadly because it is disguised as a game. So, they are really functional and great at fooling the users.

How Cowboy Adventure Malware Steals Your Data?

Whenever the Cowboy Adventure game is fired up, it launches a fake Facebook login screen. User considers it a part of game registration and enters the username and password. Researchers mention that only experienced and alert user can spot the differences.

As soon as this is done, private credentials of users are sent to the attackers’ server. This malware’s behavior is selective – i.e. its phishing triggers only on IP addresses outside the US and Canada. When some users from China reported about their Facebook accounts being spammed, researchers decided to look into the matter.

This app is developed on the Mono open-source and Microsoft .NET Framework’s cross-platform implementation. Its code is written in C# and sometimes and few vendors combine the C# and Mono code analysis to make phishing detection difficult.

On the other hand, Jump Chess game – from same game developer – feature the similar phishing technique, but the game wasn’t as successful as Cowboy Adventure.

How to Protect Yourself from Malware on Google Play?

Here are some tips given by ESET. Take a look:

Always download apps from Official Google Play store instead of other sources. Even Google Play isn’t 100% safe, it has some strong mechanisms.

Download apps only from trusted developers and look out for comments and ratings.

While installation, take a moment to read the permissions that an app is asking.

Read our guide to keep your Android device safe.

Image: Snoopwall

Tell your views in comments below. Subscribe to fossBytes newsletter for more updates.

[newsletter_signup_form id=1]
Adarsh Verma

Adarsh Verma

Fossbytes co-founder and an aspiring entrepreneur who keeps a close eye on open source, tech giants, and security. Get in touch with him by sending an email — [email protected]
More From Fossbytes

Latest On Fossbytes

Find your dream job