Google Play Fails to Remove All Super Mario Malware
Android.Dropdialer poses as a “Wallpaper” app, but it also happens to install an additional app, which then sends a premium rate SMS.
Asrar analyzed two versions found on Play that used video games as bait. Good news: Android Security removed the apps identified by Asrar. Bad news: there are more malware apps currently on Google Play. When something works once, bad guys will try it again.
With that in mind, we used Google Search and found more examples (in less than 10 seconds).
Here’s another version of the “Super Mario Bros.” app:
GTA 3: Las Vegas (Asrar located a Moscow City version):
Instagram After Effects:
FIFA 11 Russian Edition:
Here’s something clever…
Premium rate SMS numbers only work within a particular country. So, this malware is “incompatible” outside of profitable networks.
This limits the malware to its target group, as well as making it more difficult for antivirus researchers to collect samples.
Kudos to Asrar for identifying the threat. Better luck next time to “Android Security”.
Updated to add:
Here’s a video demonstration of the Vahtang Maliev version of the Super Mario Bros. Dropdialer:
On 11/07/12 At 11:43 AM