Symantec researchers recently found new malware in the the official Google Play store, disguised as version of the games 'GTA 3 Moscow City' and 'Super Mario Bros.'
"Both were posted to Google Play on June 24 and since then have generated in the range of 50,000 to 100,000 downloads," writes Symantec researcher Irfan Asrar. "What is most interesting about this Trojan is the fact that the threat managed to stay on Google Play for such a long time, clocking up some serious download figures before being discovered."
"Symantec notes the Trojan in question uses a remote payload to avoid detection of anomalies during the automated QA screening process," writes ZDNet's Emil Protalinski. "The first stage is to post on Google Play, and once the app is installed on a victim's phone, it downloads an additional package, hosted on Dropbox, called 'Activator.apk.'"
"The secondary payload allows the malware to send messages to premium-rate SMS numbers in Eastern Europe, in a type of attack often referred to as toll fraud," writes InformationWeek's Mathew J. Schwartz. "The malware then uninstalls the secondary payload, helping to disguise what it's been up to."
"It’s clear that while Google has made progress in securing the Google Play repository, more work is needed if malware can reside there unnoticed for over two weeks," writes Forbes' Adrian Kingsley-Hughes.