GPlayed Is A Dangerous New Virus

Cybersecurity experts from the Cisco Talos group discovered a new dangerous virus, which is called GPlayed. The malware is still at the testing stage, but it can turn into a serious threat.

Cisco Talos found out as a result of the tests that the new Trojan presented itself as a Google Play client: it used a similar icon and was called Google Play Marketplace. When installing, the Trojan attempts to gain administrator privileges and requests permission to access the settings.

The malware is written in .NET using the Xamarin development tools. GPlayed features are rich and diverse:

  1. Theft of SMS and contact list;
  2. Making calls and sending SMS and USSD-messages;
  3. Launch of applications;
  4. Destruction of information, adding and deleting web injects;
  5. Theft of billing information;
  6. Set password lock.

The GPlayed Trojan looks very persistent, requests access to device administration, and until these rights are granted, the window cannot be closed. The GPlayed sample analyzed at Cisco is focused on Russian-speaking targets, since most of the pages intended for interaction with the victim are in Russian. However, the researchers noted that due to the peculiarities of the project, it is very easy to change the language in this case – no more difficult than the “career guidance” of a Trojan.

Unfortunately, mobile application developers are trying to avoid official stores because of bureaucratic red tape due to requirements from the site. The presence of viruses such as GPlayed clearly shows what can result in neglect of checks. Recently, droppers have become widespread, as users often do not know that a Trojan has appeared in their smartphone. As part of the fight against droppers, Google launched Play Protect, which constantly scans apps in the official app store for suspicious activity.

You can follow these rules to protect your data from hacking:

  1. Use modern antivirus software,
  2. Install applications only from the official site developer or from official stores,
  3. When downloading the application, read the reviews and its reputation.

We have a team of highly qualified specialists who can quickly help you. If you are faced with hacking,  our team will search for viruses and spyware on your device and restore your data if necessary.

 

DISCLAIMER: This blog is designed for informational and educational purposes only. It does not constitute legal advice and is not intended to create an attorney-client relationship. Further, your use of this blog does not create an attorney-client relationship. Online readers should not act upon any information presented on this blog without first seeking professional legal counsel. Legal advice cannot be provided without full consideration of all relevant information relating to one’s individual situation. For specific, technical, or legal advice on the information provided and related topics, please contact the author. The author apologizes for any factual or other errors in this blog. If you believe that some content is inaccurate, false, disparaging, slanderous, libelous, or defamatory, please contact the author directly at (StevenG.@digitalforensics.com). Information herein is provided on an “as is” or “as available” basis; we make no warranty of any kind to you regarding the information provided and disclaim any liability for damages from use of the blog or its content.