Gamers’ Google and Facebook Credentials Unsafe; Android’s “Scary Granny ZOMBYE Mod: The Horror Game” To Blame!


A horror game from Android which has more than 50,000 downloads
to its name. The Scary Granny ZOMBYE
Mod: The Horror Game
showed malicious behavior and is allegedly stealing
users’ credentials after they log into their accounts.
The game is specifically designed to hoard downloads from
the success of another Android game dubbed “Granny” with 100 million installs
as of now.
After the researchers informed Google about the game’s
phishing and siphoning abilities, the fully functional game was taken down from
the Google Play Store.
A prominent research team realized that the game wouldn’t
exhibit any malicious activity up to 2 days to steer clear of security checks.
It would turn in its data-stealing modules lest it were
being used on older Android versions with users with new devices which run up
to date.
Quite obviously it starts asking for permissions to launch
itself on the smartphone or tablet and tries to gain the trust of the users.
Even after the Android users reboot their systems the game
still shows full-screen phishing overlays.
Firstly it shows “a notification telling the user to update
Google Security Services” and the moment they hit ‘update’ a fake Google Login
page appears which looks almost legitimate except for the incorrectly spelled “Sign
in”.

Scary Granny, after stealing the users’ credentials it will
go on to try to harvest account information like recovery emails, phone
numbers, verification codes, DOBs and cookies.
Obfuscated packages are other ways of mimicking official components
of the Android apps. For example, com.googles.android.gmspackage
attempts to pass itself as the original com.google.android.gms
The Scary Granny would
also display some really legitimate looking ads from other prominent applications
like Messenger, Pinterest, SnapChat, Zalo or TikTok.
The malicious horror
game would make it appear that apps like Facebook and Amazon were actually open
when actually they are only ads pretending to be actual applications.

In one of the cases the
researchers tried out, the ad directed the user to a page which Google blocked flagging
it as being deceptive which clearly implies that it hosts malware or a phishing
attack.

After connecting with an
ad network by way of com.coread.adsdkandroid2019
package, the ads would get distributed to the compromised Android devices.

At the end, to maximize
the profit for its creators, the Scary Granny would try to wrest money form the
users by asking them to pay for their playing privileges via a “pre-populated
PayPal payment page”.

Share this with Your friends:



Don't forget to share

You may also like...

Leave a Reply

Your email address will not be published.