Skip to main content

You might have downloaded a Trojan with Candy Crush

Right after Apple was hit with the horrendous malware attack, new research had discovered that a similar thing happened to Google’s Play Store.

However, the attack on Google Play Store lasted approximately a year and a half.

According to researchers at security company ESET, hackers have managed to break into the free game market and exploit players for money by inserting a virus called Mapin into otherwise non-malicious packages, such as illegitimate versions of the widely popular Candy Crush, and at least one variant of Temple Run.

The malware managed to slither its way past the bouncer software in place.

"We at ESET recently discovered an interesting stealth attack on Android users, an app that is a regular game but with one interesting addition: the application was bundled with another application with the name systemdata or resource and that's certainly a bit fishy," said the firm in a blog.

"Why would a regular game downloaded from the official Google Play Store come with another application named systemdata? This particular application/game from Google Play Store is certainly not a system application, as the name seems intended to suggest."

“The most interesting thing about this Android Trojan is that it was available for download from the official Google Play Store by the end of 2013 and 2014 as Hill climb racing the game, Plants vs zombies 2, Subway suffers, Traffic Racer, Temple Run 2 Zombies, and Super Hero Adventure by the developers TopGame24h, TopGameHit and SHSH. The malware was uploaded to Google Play on November 24-30, 2013 and November 22, 2014,” the company said.

"The Trojans were eventually pulled from the Google Play store, but were undetected for nearly a year and a half. Perhaps because of this and similar cases, Google announced that as of March 2015, all apps and updates must pass human review.”