Menu
Android malware masquerades as Nintendo game emulator

Android malware masquerades as Nintendo game emulator

Gunpoder contains several malicious functions and steals data

Palo Alto Networks has found a new family of Android malware that masquerades as a Nintendo game emulator.

Palo Alto Networks has found a new family of Android malware that masquerades as a Nintendo game emulator.

A new family of Android malware adds insult to injury by making users pay for the data-stealing application.

Palo Alto Networks found three variants of the malware, which it calls Gunpoder, masquerading as emulator applications used to play Nintendo games.

Antivirus engines are having trouble detecting Gunpoder's malicious code since it is packaged with an adware library called Airpush, wrote Cong Zheng and Zhi Xu of Palo Alto's Unit 42 research group.

"The malware samples successfully use these advertisement libraries to hide malicious behaviors from detection by antivirus engines," they wrote. "While antivirus engines may flag Gunpoder as being adware, by not flagging it as being overtly malicious, most engines will not prevent Gunpoder from executing."

Gunpoder apps can do a variety of invasive actions, including collecting bookmarks and browser histories, sending itself to other people over SMS, showing fraudulent advertisements and executing other code.

And users get to pay for that data-stealing capability. When a Gunpoder app is launched, it asks users to buy a lifelong license for the emulator for US$0.20 or $0.49, payable through PayPal or Skrill.

So far, Gunpoder appears to be targeting people in Iraq, Thailand, India, Indonesia, South Africa, Russia, France, Mexico, Brazil, Saudi Arabia, Italy, the U.S. and Spain, Palo Alto said.

Curiously, the malware is programmed to not send itself by SMS to other numbers in a phone's contact list if the user is in China.

Its coders have also co-opted the Airpush advertising library with a fraudulent ad.

"The fraudulent advertisement page attempts to mimic a Facebook page," Palo Alto wrote. "It requests that victims finish a number of surveys and asks them to install various applications in order to receive a gift."

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags palo alto networkssecuritymobilemalware

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments