October 23, 2018 By David Bisson 2 min read

Security researchers observed an adaptable Android Trojan known as GPlayed masquerading as Google Apps to spy on and steal information from unsuspecting victims.

Cisco Talos discovered a sample of GPlayed that used an icon similar to Google Apps labeled “Google Play Marketplace” to trick users into installing the Trojan. Once booted, the malware attempted to register the infected device with its command-and-control (C&C) server. It then set up an SMS handler as a means to forward all SMS messages on the device to the C&C server. GPlayed completed initialization by requesting administrator privileges.

The GPlayed sample analyzed by Cisco Talos came with a modular architecture that enabled the attackers to customize their campaign. For example, the Trojan locked device screens and demanded payment from the victim via his or her credit card information. The sample also had the ability to exfiltrate contacts, a list of installed applications and the means to receive new .NET source code.

The Dangers of Downloading Apps Outside of Google Play

Attackers designed GPlayed to trick users into downloading what they thought was Google Apps, a technique that highlights the dangers of downloading software from locations other than official mobile app marketplaces.

Earlier this year, on the same day Epic Games CEO Tim Sweeney announced that Android users would need to download Fortnite from the web instead of the Google Play Store, WIRED and Lookout discovered seven sites advertising fake Fortnite downloads that hosted malware. In 2016, Check Point uncovered more than 80 fake apps available on third-party Android marketplaces that distributed Gooligan malware.

How to Defend Against an Android Trojan Infection

Security professionals can protect their organizations from GPlayed and similar Trojans by implementing security awareness training to promote best practices such as downloading apps from official marketplaces and avoiding suspicious links. Experts also recommend using a unified endpoint management (UEM) solution that offers mobile threat management to monitor devices for suspicious activity.

Sources: Cisco Talos, WIRED, Check Point

More from

Cybersecurity crisis communication: What to do

4 min read - Cybersecurity experts tell organizations that the question is not if they will become the target of a cyberattack but when. Often, the focus of response preparedness is on the technical aspects — how to stop the breach from continuing, recovering data and getting the business back online. While these tasks are critical, many organizations overlook a key part of response preparedness: crisis communication.Because a brand’s reputation often takes a significant hit, a cyberattack can significantly affect the company’s future success…

Brands are changing cybersecurity strategies due to AI threats

3 min read -  Over the past 18 months, AI has changed how we do many things in our work and professional lives — from helping us write emails to affecting how we approach cybersecurity. A recent Voice of SecOps 2024 study found that AI was a huge reason for many shifts in cybersecurity over the past 12 months. Interestingly, AI was both the cause of new issues as well as quickly becoming a common solution for those very same challenges.The study was conducted…

39% of MSPs report major setbacks when adapting to advanced security technologies

4 min read - SOPHOS, a leading global provider of managed security solutions, has recently released its annual MSP Perspectives report for 2024. This most recent report provides insights from 350 different managed service providers (MSPs) across the United States, United Kingdom, Germany and Australia on modern cybersecurity tools solutions. It also documents newly discovered risks and challenges in the industry.Among the many findings of this most recent report, one of the most concerning trends is the difficulties MSPs face when adapting their service…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today