The app, which made its way onto the Google Play Store, was also found phishing users for Facebook credentials.
The game, which has been downloaded over 50,000 times, was available for Android devices, making Android users its primary target. The malicious app attempts to collect sensitive information such as Facebook and Gmail login credentials.
The malicious activities of Scary Granny ZOMBY Mod were detected by the mobile security firm Wandera. The company found that the app asks users to enter their Gmail or other Google account credentials, which are then used to hijack the account and collect the user’s private data. All of this happens, unsurprisingly, without alerting the user.
Researchers also found that, apart from stealing private data, the app launches full-screen ads on users’ devices. Furthermore, the app spams users with phishing pages aimed at stealing login credentials.
“We analyzed two versions of this app. The first one was constantly crashing and was basically unusable due to the persistent phishing page being displayed over any app including over the game and even after a device reboot,” researchers said in their blog post.
Google removed the app from its official Play Store after the story was published. Wandera’s vice president Michael Covington states that it is not yet clear who was collecting the data and for what purpose, but he is sure that the app is malicious and “puts private user data at risk.”
“It’s logging into the profile section of your Gmail and going through tab by tab and taking screenshots of your personal information. It’s taking all of that data and sending it somewhere,” Covington added.
The app’s developer is listed as “Top Games Studio.,jlk,” and there is no other app named Scary Granny listed on the Play Store. The developer’s website URL led to an unregistered domain, and the developer’s email address is also not authentic. Hence, there is no way to identify the developer of this malicious app.
It is worth noting that newer Android devices aren’t at risk; only those running Android Oreo or previous versions are vulnerable to the app. You are also advised to refrain from downloading unnecessary apps from the Play Store and third-party websites. Moreover, keep your device updated and use reliable anti-virus software at all times.