Gunpoder: Οι φίλοι του Nintendo που έχουν συσκευές με Android θα πρέπει να προσέξουν ιδιαίτερα. Ένα νέο malware για την πλατφόρμα του Android malware has appeared on third-party App Stores disguised as a classic Nintendo game.
The security company Palo Alto Networks reports that it has discovered a new family of malware that looks and behaves like ad software, while intercepting personal information from infected Android devices. Malicious software is called Gunpoder, and is hidden in a game.
The application is based on an open-source Nintendo Entertainment System emulator (an app that runs classic Nintendo games from the 1980 to Mobile) and is available in third-party App Stores.
Malware developers Gunpoder they changed the original emulator and added a feature payments, and a feature that gives the game access to the device's contact list. The result is a paid app that steals your personal information.
How does it work:
Μετά τη λήψη, η κακόβουλη εφαρμογή Gunpoder αναφέρει στους χρήστες με ένα μήνυμα ότι ο εξομοιωτής υποστηρίζεται απο advertisements. Αγγίζοντας “OK”, συμφωνείτε να αφήσετε ένα program called Airpush to collect data from your device.
Airpush is a library commonly used to push ads to mobile devices. Within this NES emulator, however, it collects a lot of personal data from a device, including user location, contact list, web page bookmarks, and information about the device itself.
"They're trying to create an accurate profile of the people using the app so they can target spearfishing or other malicious activity in the future," said Scott Simkin, senior director at Palo Alto Networks.
In addition to being able to collect information from users for future attacks, Simkin reports that the hacker can also sell them to various forums.
When users agree to collect their data, the application displays another alert asking users to buy a license. If users agree the application collects the payment information and charges them 0,45 dollars for the license.
Palo Alto Networks reports that using Airpush allows Gunpoder to avoid detection by antivirus software. Most antivirus software does not prevent or detect such adware.
Besides the fact that the new malware is undetectable by the antivirus software, malware has spread mechanisms. The alleged NES game asks users who have installed it to share the new one with their SMS contacts, thus infecting a whole new generation of Android devices.
Palo Alto Networks reports that it found 49 unique samples of the malware that may have been developed in different countries such as: the US, Iraq, Thailand, India, Indonesia, South Africa, Russia, France, Mexico, Brazil, Saudi Arabia, Italy, and Spain.
Simkin argues that Palo Alto Networks customers are now safe from this kind of malware. However, consumers are generally not. In order to stop the spread of Gunpoder, users should avoid downloading applications from third-party sites.