Assassin's Creed, the wildly popular mobile and console video game, will take players to the French Revolution, World War II, or even to the Crusades as part of the Knights Templar. But a fake version will take users somewhere else entirely: to the great Malware War of 2014.
A new piece of Android malware disguising itself as an Assassin's Creed app takes a particularly savvy approach to compromising users. It installs a pirated version of the Assassin's Creed game that functions normally, leaving the end user oblivious to the malicious activities it performs in the background.
Upon installation, the user will see the game icon on the screen, but interestingly, the icon disappears shortly thereafter while the malicious process keeps running in the background.
According to researchers at Zscaler, the malicious application is capable of sending multi-part text messages, harvesting text messages from a victim's device and sending stolen information to a remote command & control (C2) server. It also harvests the mobile number and Subscriber ID information from the victim device for tracking purposes.
“We were able to locate phone numbers belonging to…the Volga-Vyatka Bank of Sberbank of Russia in the malicious application code, for which SMS messages are being intercepted to steal sensitive information,” Zscaler said.
The malicious app harvests sensitive information and sends it to the remote server at a regular interval by setting up an alarm.
It also uses AES encryption, so both the harvested sensitive data and the C2 communication are encrypted and decrypted with it.
“Cybercriminals often lure users with pirated versions of popular paid mobile applications that are trojanized to steal sensitive information,” Zscaler added.
Users should of course stay away from such offers and download mobile apps only from trusted sources, like the Google Play store.