Android has never been known for being the most secure mobile operating system, so it goes without saying that the Google Play Store isn't exactly the safest marketplace for apps.
Earlier this month, Google itself knocked out 13 apps for secretly downloading malware onto users' devices. Just a week later, Bankosy was discovered stealing users' one-time passwords. Now, the latest security breach involves a new Trojan dubbed Xiny.
Xiny was discovered by Dr. Web's anti-virus research team. Known specifically as Android.Xin.19.origin, the trojan can end up on an unsuspecting user's device, hidden inside a game downloaded from the Play Store.
So far, over 60 games have been found infected with the Xiny trojan. Together, these games have already been downloaded tens of thousands of times. Many of them come from publishers and studios such as Conexagon Studio, Fun Color Games and BILLAPPS. Users are advised to stay away from these developers.
Once a user downloads the game, the Xiny trojan "downloads a specially created image containing the corresponding file object hidden with the help of steganography from the server. The trojan then retrieves the apk file using a special algorithm," describes Dr. Web's team.
From there, Xiny finds out more about a user's device and sends that info back home (wherever that might be). The IMEI and IMSI identifiers, the presence of a memory card in the device, country, language, the Android version running on the device, and information about the mobile operator are just some of the data that Xiny steals.
The malicious program doesn't stop there. Apart from being an information thief, it can also execute some actions on a user's phone. Xiny can display annoying ads, download other apps and prompt a user to install other software. If it gains root access to a device, it can even install and delete programs.
Rooted Android devices are thus the most susceptible to Xiny's attacks. Modders should be extra wary of what apps they download, especially when they are acquired from unofficial third-party Android marketplaces.
Dr. Web has reported its findings to Google and we expect those publishers to get kicked off the Play Store as soon as possible. For us users, it's always best to be careful with what apps we download since this probably won't be the last malicious app to hit the Android ecosystem.
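For analysts triaging images that an app pulls from a server, as in the image-borne APK delivery described above, here is an added example (not from Dr. Web or the original article) that checks a PNG for an APK-like archive carried in a non-image chunk or after the IEND marker. The article does not describe Xiny's actual algorithm, so this heuristic is an assumption about one common carrier layout and will not catch payloads encoded into pixel data; all function names and sample data are constructed for illustration.

```python
import io, struct, zipfile, zlib
PNG_SIG = b"\x89PNG\r\n\x1a\n"

def chunk(ctype, body):  # one PNG chunk: length, type, body, CRC-32 of type+body
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def split_png(data):
    """Return ([(type, body), ...], bytes found after the IEND chunk)."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos, chunks = len(PNG_SIG), []
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        chunks.append((ctype, data[pos + 8:pos + 8 + length]))
        pos += 12 + length
        if ctype == b"IEND":
            return chunks, data[pos:]
    raise ValueError("truncated PNG or missing IEND")

def looks_like_apk(blob):
    """True if blob holds a ZIP archive with an APK's characteristic entries."""
    start = blob.find(b"PK\x03\x04")  # ZIP local file header signature
    if start < 0:
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(blob[start:])) as z:
            return bool({"AndroidManifest.xml", "classes.dex"} & set(z.namelist()))
    except zipfile.BadZipFile:
        return False

def triage(data):
    """List where in a PNG an APK-like archive is carried (empty list if nowhere)."""
    chunks, trailing = split_png(data)
    hits = [f"chunk {t.decode('latin-1')}" for t, body in chunks
            if t not in (b"IHDR", b"IDAT", b"IEND") and looks_like_apk(body)]
    if looks_like_apk(trailing):
        hits.append("after IEND")
    return hits

def sample_archive():  # constructed: dummy ZIP with an APK-style entry name
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", "<manifest/>")
    return buf.getvalue()

def sample_png(extra=b"", trailing=b""):  # constructed: 1x1 grayscale PNG
    ihdr = chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
    idat = chunk(b"IDAT", zlib.compress(b"\x00\x00"))
    return PNG_SIG + ihdr + extra + idat + chunk(b"IEND", b"") + trailing
```

An empty list from `triage` means only that neither of these two carrier locations held an archive, not that the image is clean.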