In a world where everything is always connected, and mobile devices are involved in individuals’ day-to-day lives more and more often, malicious actors are seeing increased opportunities to attack these devices. Cisco Talos has identified the latest attempt to penetrate mobile devices — a new Android trojan that we have dubbed “GPlayed.” This is a trojan with many built-in capabilities. At the same time, it’s extremely flexible, making it a very effective tool for malicious actors. The sample we analyzed uses an icon very similar to Google Apps, with the label “Google Play Marketplace” to disguise itself.
What makes this malware extremely powerful is the capability to adapt after it’s deployed. In order to achieve this adaptability, the operator has the capability to remotely load plugins, inject scripts and even compile new .NET code that can be executed. Our analysis indicates that this trojan is in its testing stage but given its potential, every mobile user should be aware of GPlayed. Mobile developers have recently been eschewing traditional app stores and instead want to deliver their software directly through their own software. But GPlayed is an example of where this can go wrong, especially if a mobile user is not aware of how to distinguish a fake app versus a real one.