Network security company Palo Alto Networks has found a new family of Android malware called "Gunpoder" that masquerades as a Nintendo game and then steals data.
Palo Alto Networks claims that hackers embed malicious code in a Nintendo Entertainment System (NES) emulator and NES app not affiliated with Nintendo. The app allows a user to play old Nintendo games like Super Mario on mobile devices such as tablets or smartphones.
Once the NES app is downloaded, it shows a pop-up message asking the user to confirm the terms and conditions. By clicking "OK" to accept the software developer's terms, a user also agrees to let Airpush, software that allows developers to show ads within an app, start collecting data. Palo Alto Networks suggests that Airpush's platform was abused by the author of Gunpoder to hide malicious activity.
The malware steals a user's personal data such as location and contacts and also makes payments. After obtaining details of one's contacts and location, the malware can also conduct targeted attacks, such as sending a personalized SMS or email that contains malicious links.
After the user accepts the software developer's terms and conditions, another pop-up message appears, asking whether they want to pay a lifelong subscription fee of between $0.29 and $0.49 via PayPal or Skrill.
Paying a small lifelong subscription fee may not be a big deal for many customers, but they will face a big bill because the app will send SMS messages to the user's contact list.
The network security company also submitted some Gunpoder samples to VirusTotal, a free platform that scans files for malware. However, the VirusTotal results showed the samples classified as "adware" or seen as "benign."
"Legacy controls would not prevent installation of this malware," stated Palo Alto Networks. "While researching the sample, we observed that while it contained many characteristics of adware, and indeed embeds a popular adware library within it, a number of overtly malicious activities were also discovered, which we believe characterizes this family as being malware."
According to Palo Alto Networks, Gunpoder targets Android device owners in at least 13 countries, which include the U.S., Spain, Italy, Brazil, Mexico, France, Russia, South Africa, Indonesia, Saudi Arabia, India, Iraq and Thailand.
Security experts suggest that Android device owners should not download any app from outside the Play store. A user who still wants to install an app from outside the Play store should research it online first.
Android smartphone and tablet owners can also protect their device by installing an antivirus app.