Be careful! GPlayed Trojan Can Disguise Itself as Google Play Store and Wipe Your Android Device | Digital Web Review


It has been a tough week for Google, with the shutdown of Google Plus due to a data leak and criticism coming at the company from all sides. The Internet giant is taking measures to put this to an end, but there is more troubling news for the company’s mobile platform. A new Android Trojan, GPlayed, which uses an icon similar to that of the Google Play Store, has been discovered by researchers at Cisco Talos.


The researchers analysed the Trojan and found that it has many built-in capabilities and is extremely powerful, thanks to its ability to adapt after it is deployed. The malware uses the icon of “Google Play Marketplace”, which makes it less likely that users will detect it.

Even though the malware is in its testing stages, it is quite potent and can fool the average user into thinking that it is a legitimate app by Google. The GPlayed malware is capable of storing banking credentials, monitoring device location, stealing device data, and logging keys and other personal data.
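One way a defender could check a device's app inventory for this kind of masquerade, as an added example that is not from the original article or from Cisco Talos: it flags apps whose label closely resembles the Play Store's but whose package is not `com.android.vending`, the genuine Play Store package. The inventory format, the sample rows, the extra "Play Store" reference label and the 0.8 threshold are assumptions constructed for illustration.

```python
import difflib
import unicodedata

# Labels to compare against: the name the article says GPlayed uses, the real
# store's name, and its short launcher label (the last one is an assumption).
REFERENCE_LABELS = ("Google Play Store", "Google Play Marketplace", "Play Store")

# Trust here is by package name only; comparing the signing certificate
# is the stronger check and is outside this example.
TRUSTED_PACKAGES = {"com.android.vending"}

# Constructed inventory: package <TAB> label <TAB> installer ("-" = sideloaded).
SAMPLE_INVENTORY = """\
com.android.vending\tGoogle Play Store\t-
com.google.android.gms\tGoogle Play services\tcom.android.vending
org.example.notes\tNotes\tcom.android.vending
xyz.example.verify\tGoogle Play Marketplace\t-
net.example.shop\tG00gle Play Store\t-
"""

def normalize(label):
    """Fold case, strip accents and drop everything that is not alphanumeric."""
    folded = unicodedata.normalize("NFKD", label).casefold()
    return "".join(ch for ch in folded if ch.isalnum())

def similarity(label):
    """Best similarity ratio (0..1) between a label and any reference label."""
    target = normalize(label)
    return max(difflib.SequenceMatcher(None, target, normalize(ref)).ratio()
               for ref in REFERENCE_LABELS)

def flag_lookalikes(inventory_text, threshold=0.8):
    """Return untrusted packages whose label imitates the Play Store."""
    findings = []
    for line in inventory_text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3 or parts[0] in TRUSTED_PACKAGES:
            continue  # skip malformed rows and the genuine store
        package, label, installer = parts
        score = similarity(label)
        if score >= threshold:
            findings.append({"package": package, "label": label,
                             "sideloaded": installer == "-", "score": round(score, 2)})
    return findings

if __name__ == "__main__":
    for finding in flag_lookalikes(SAMPLE_INVENTORY):
        print(finding)
```
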

On initial deployment, the Trojan starts three timers: the first to ping the C&C server after 20 seconds, the second to toggle on the Wi-Fi every five seconds, and the third to register the device with the C&C server every 10 seconds.

After an Android handset is infected, the Trojan registers it with the malware’s command and control server, allowing attackers to steal data. Infected devices have all incoming SMS messages forwarded to the attacker, allowing them to capture any two-factor authentication passwords or SMS protection codes and break into personal accounts.

Cisco Talos discovered the malware early. The modular GPlayed Android Trojan is still under development, given that there are a lot of ‘test’ labels within its source code, the URLs mentioned within the source code were all inactive, and the malware generates large amounts of debugging information.

GPlayed has already been submitted to antivirus detection platforms, and Google is aware of the malicious program. Google’s Play Store is meant to be a secure platform for delivering apps, and most users choose to download their apps from the Play Store instead of relying on direct downloads from developers or third parties. However, the early detection can make many users aware of this situation.
