ESET has recently published research on trojan that affected
several gaming apps on Android platform. After carefully reviewing our original
blogpost and accompanying press release, we are providing an explanation of the
facts, since they have been misinterpreted:
The authors of the Mapin trojan have taken legitimate clean
code of popular games, added malicious code and uploaded a new package to
Google Play, as well as alternate Android app stores. The application names
were chosen intentionally to resemble the genuine apps. The code was
distributed under a different developer name, and was not signed using the
official release code signing certificate belonging to the legitimate
companies, such as King. Also, the clean versions of the applications on the
Google Play store were not affected. It is a very common malware technique to
parasitize on the popularity of legitimate applications.
These apps were not connected to the genuine gaming apps
like Candy Crush Saga (produced by the King company). After careful review of
our blogpost and accompanying press release in order to prevent further
misunderstandings we have adjusted our
blogpost, press release on ESET HQ communication channels – as well as on local
websites such as in India which are operated by separate partner companies and
with local content. We apologize for
inconvenience caused by the phrasing to the genuine gaming companies. At ESET
we are putting in place another review layer for our content, so such
misunderstanding does not repeat in the future.
-------------------------------------------------------------------------------------------------------------------------------
ESET discovered an interesting stealth
attack on Android users. Cybercriminals created fake versions of popular arcade
games such as Plants vs Zombies, Candy Crush or Super Hero Adventure to deliver
backdoor Trojan directly onto victim‘s device. These
malicious downloads were made available on the official Google Play Store. ESET
offers in-depth
analysis of this Trojan dropper on WeLiveSecurity.com.