A number of Android games packaged with a persistent, aggressively ad-serving trojan were available on the Google Play store and other Android markets for as long as 18 months, according to researchers with ESET.
The trojan was detected by ESET as Android/Mapin and on Google Play it was observed packaged in a variety of applications since as far back as 2013, a Tuesday post said. Many of those apps are working games that pretend to be preexisting games, such as Plants vs. Zombies and Candy Crush.
According to the post, the trojan – 73.58 percent of infections were detected in India – has only been observed aggressively pushing advertisements; however, it requests device administrator rights and therefore has the potential to do just about anything.
“Android/Mapin contains multiple functionalities, such as pushing various notifications, downloading, installing and launching applications, and obtaining the user's private information, but its main purpose appears to be to display fullscreen advertisements on the infected device,” the post said.
The malware was likely able to bypass app vetting system Google Bouncer due to mechanisms that delay the execution of malicious functionality, Lukas Stefanko, malware researcher at ESET, told SCMagazine.com in a Tuesday email correspondence.
The post explained that each application launches the malware in a different way, such as 24 hours after the application is first executed. For all variants, when connectivity changes, users are prompted to install a “Google Play Update” or “Manage Settings” application that actually activates the malware.
Additionally, similar prompts request that the user activate device administrator, making the malware more difficult to uninstall.
“Ordinary users have often problem uninstalling applications with active device administrator rights, Stefanko said. “Users try to uninstall the app from application manager from settings and don't know where/how to deactivate it.”
In order to uninstall the threat, users should first deactivate administrator rights by going to settings, then to device administrator, then to Google Play Update/Manage Settings and then press deactivate, Stefanko said.
According to the “Motive Security Labs H1 2015 Malware Report” from Alcatel-Lucent, the mobile infection rate sits at 0.75 percent for the first half of this year. Focusing on Android specifically, the report showed that the number of malware samples more than doubled.