Symantec security researchers have identified new malware posted to the official Google Play market, a discovery that once again demonstrates the limitations of a recently deployed scanning service designed to flag malicious apps before they can be downloaded by end users.
The threats were posted under the names of two popular titles: one was packaged as “Super Mario Bros.” and the other as “GTA 3 Moscow City”. Both were posted to Google Play on June 24 and have since generated in the range of 50,000 to 100,000 downloads.
"What is most interesting about this Trojan is the fact that the threat managed to stay on Google Play for such a long time, clocking up some serious download figures before being discovered," the researcher said. "Our suspicion is that this was probably due to the remote payload employed by this Trojan."
Once installed, the app downloads an additional package, hosted on Dropbox, called ‘Activator.apk’. This additional package sends SMS messages to a premium-rate number.
An interesting feature of the secondary payload is that it prompts the user to uninstall it after sending out the premium SMS messages, an obvious attempt at hiding the true intent of the malicious app. The premium SMS messages target Eastern Europe.
The threat was removed after Symantec notified the Android security team of this discovery.