Fake apps, fake games: An update on gaming malware
Credit to Author: Trend Micro| Date: Thu, 23 Feb 2017 21:27:32 +0000
Malware in mobile gaming is not a new occurrence. Mobile malware itself continues to be a problem for enterprises and consumers alike, with the total number of malicious programs climbing. According to numbers compiled by Trend Micro near the end of 2016, 65 million mobile threats were blocked just by them in 2016, with 19.2 million of those being unique samples of malicious Android apps. Only 10.7 million samples total were collected in 2015 – a pretty large discrepancy that has quite a few security experts worried.
A study from the Ponemon Institute found that 84 percent of IT security practitioners are very concerned about mobile malware, compared to only 66 percent who are worried about their IoT applications, according to Dark Reading. This is telling indeed: The great majority of IT security professionals realize that mobile gaming malware is a huge concern – and thus it's important to take note of how these kinds of malicious programs can be guarded against.
Gaming malware rampant
Examples of fake apps and mobile malware are everywhere, especially in the gaming marketplace. For instance, the once-popular mobile game Pokemon Go became the target of hackers and malicious actors in 2016. When Pokemon Go first hit app stores in mid-2016, trolls and hackers jumped on the opportunity to con unknowing users into downloading counterfeit applications under the guise of an "early release" of the game. Other apps cloaked as helpful additions to the game were compromised, too. According to Digital Trends, more than 500,000 people downloaded a "Guide for Pokemon Go" that was, in fact, a clever disguise for a piece of rooting malware that allowed hackers to take control of the phones that downloaded it.
Even after the game was released, people were still downloading erroneous applications on third-party app stores. Trend Micro found last year – and it was being reported as late in the year as mid-September – that hackers were still having a run of making fake apps and marketing them to unsuspecting Pokemon lovers, thanks to the third-party app store Haima. The third-party store's charade as an enterprise means that it can distribute apps that haven't been vetted by Apple's stringent certification standards – leaving the door wide open for malware-carrying programs. The Vietnam-based app store HiStore also had a counterfeit version of the game, which was downloaded a troubling 10 million times. All of this is to say that Pokemon Go had its share of issues when it came out – so it should follow that other games continue to have the same problems.
History of cybercrime
That wasn't the first time gaming malware made its way into the limelight, either. In 2013, Security Week contributor Fahmida Y. Rashid reported that research suggested 90 percent of popular computer games, like World of Warcraft, Minecraft, Runescape and League of Legends, were infected with malware. This issue stemmed from a small percentage of players actively going in and hacking other users' accounts with the intent to steal personal information and payment data.
These kinds of malicious attacks go back even further than that, though. As early as 2009, PCWorld contributor Patrick Shaw was reporting that malware was beginning to "creep" into online games. In an interview with Michael Helander, vice president of sales and marketing at Lavasoft, Shaw explored the concept of online gaming and tried to understand why, exactly, hackers saw value in attaching malicious programs to these games.
"Virtual characters and virtual objects have taken on value in the real world where they can be bought and sold for real money," Helander told Shaw. "A thriving underground black market demonstrates that a significant amount of people are prepared to pay for them. Malware creators simply recognize the opportunity for profit and have set about exploiting online games."
The trouble with Mario
The fake Pokemon Go apps and malware within popular online PC games is only the tip of the iceberg when it comes to the dangers of gaming. Recently, Trend Micro researchers reported that a popular app released by Nintendo, Super Mario Run, was being targeted by hackers and used as a jumping-off point for their nefarious schemes. Like the fake Pokemon Go apps, many counterfeit versions of Super Mario Run have now been downloaded on third-party app stores, but it has a little more to do with the name than with any particular game associated with it. Because the Super Mario name has been a household staple for so long, gaming hackers have tried to corner this market for quite a while.
"In advance of any official release, cybercriminals have already released their own Mario-related apps," wrote Trend Micro mobile threats analyst Jordan Pan. "Since 2012, we have found more than 9,000 apps using the Mario name on various sources online. About two-thirds of these apps show some kind of malicious behavior, including displaying ads and downloading apps without the user's consent. Since the start of the year we have detected these malicious apps approximately 90,000 times."
Most of those 90,000 downloads occurred in Indonesia, India and Mexico, but a small number of them happened in the U.S. The great majority of the applications discovered by Trend Micro, which have familiar names like "Super Mario" and thus are easily mistaken for the real deal, are simple advertising apps, but some of them prompt users to download separate apps that can read their text messages, troll for payment data and gain access to other important personal information.
Komando.com reporter Francis Navarro wrote about another specific kind of malware infiltrating the Super Mario Run downloads, which actually ended up being the Marcher malware in disguise. The Marcher malware has been around since 2013, according to ZDNet​, and is used to overlay legitimate apps with malicious code. For instance, banking apps can be compromised by Marcher – they will continue to appear like the applications you've downloaded previously, but they will instead be trolling for bank information and will log any info you type into the interface.
The takeaway
Gaming malware isn't a new phenomenon; but in the age of smartphone gaming when popular brand names – like Pokemon and Super Mario – become staples of the app store, gamers need to be more aware of the apps they're downloading in order to avoid Marcher malware and other nefarious programs.
It's critical that consumers make sure they're using the correct app when playing smartphone games. As can be seen in the situations like with Pokemon Go and Super Mario Run, the creators of malware know how to lure unsuspecting users in – which means it's all the more important that people remain vigilant.