Light Dark
October 23, 2018 By David Bisson 2 min read

Security researchers observed an adaptable Android Trojan known as GPlayed masquerading as Google Apps to spy on and steal information from unsuspecting victims.

Cisco Talos discovered a sample of GPlayed that used an icon similar to Google Apps labeled “Google Play Marketplace” to trick users into installing the Trojan. Once booted, the malware attempted to register the infected device with its command-and-control (C&C) server. It then set up an SMS handler as a means to forward all SMS messages on the device to the C&C server. GPlayed completed initialization by requesting administrator privileges.

The GPlayed sample analyzed by Cisco Talos came with a modular architecture that enabled the attackers to customize their campaign. For example, the Trojan locked device screens and demanded payment from the victim via his or her credit card information. The sample also had the ability to exfiltrate contacts, a list of installed applications and the means to receive new .NET source code.

The Dangers of Downloading Apps Outside of Google Play

Attackers designed GPlayed to trick users into downloading what they thought was Google Apps, a technique that highlights the dangers of downloading software from locations other than official mobile app marketplaces.

Earlier this year, on the same day Epic Games CEO Tim Sweeney announced that Android users would need to download Fortnite from the web instead of the Google Play Store, WIRED and Lookout discovered seven sites advertising fake Fortnite downloads that hosted malware. In 2016, Check Point uncovered more than 80 fake apps available on third-party Android marketplaces that distributed Gooligan malware.

How to Defend Against an Android Trojan Infection

Security professionals can protect their organizations from GPlayed and similar Trojans by implementing security awareness training to promote best practices such as downloading apps from official marketplaces and avoiding suspicious links. Experts also recommend using a unified endpoint management (UEM) solution that offers mobile threat management to monitor devices for suspicious activity.

Sources: Cisco Talos, WIRED, Check Point

 |  |  |  |  |  |  |  |  |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

May 3, 2024

What we can learn from the best collegiate cyber defenders

3 min read - This year marked the 19th season of the National Collegiate Cyber Defense Competition (NCCDC). For those unfamiliar, CCDC is a competition that puts student teams in charge of managing IT for a fictitious company as the network is undergoing a fundamental transformation. This year the challenge involved a common scenario: a merger. Ten finalist teams were tasked with managing IT infrastructure during this migrational period and, as an added bonus, the networks were simultaneously attacked by a group of red…

May 2, 2024

A spotlight on Akira ransomware from X-Force Incident Response and Threat Intelligence

7 min read - This article was made possible thanks to contributions from Aaron Gdanski.IBM X-Force Incident Response and Threat Intelligence teams have investigated several Akira ransomware attacks since this threat actor group emerged in March 2023. This blog will share X-Force’s unique perspective on Akira gained while observing the threat actors behind this ransomware, including commands used to deploy the ransomware, active exploitation of CVE-2023-20269 and analysis of the ransomware binary.The Akira ransomware group has gained notoriety in the current cybersecurity landscape, underscored…

May 1, 2024

New proposed federal data privacy law suggests big changes

3 min read - After years of work and unsuccessful attempts at legislation, a draft of a federal data privacy law was recently released. The United States House Committee on Energy and Commerce released the American Privacy Rights Act on April 7, 2024. Several issues stood in the way of passing legislation in the past, such as whether states could issue tougher rules and if individuals could sue companies for privacy violations. With the American Privacy Rights Act of 2024, the U.S. government established…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature