A pirated version of the Assassin’s Creed application for Android is bundled with malware, according to security-as-a-service firm Zscaler.
Assassin’s Creed is a popular, open-world series of adventure games available in various iterations on the XBOX, PlayStation, PC and other gaming platforms. There is also a premium Assassin’s Creed application for Android. However, users seeking to download a pirated free version of that application may find their Android devices quietly infected with a piece of mobile banking malware.
The Trojanized variety of the Assassin’s Creed application has the potential to be quite potent, because when a user downloads it, what he or she is actually downloading is malware. The malware in turn downloads a fully functional, pirated version of the actual application. The gaming app works as advertised, so the standard mobile gamer is going to have a tough time realizing that the package they’ve downloaded is malicious.
The attack is particularly timely during this holiday shopping season because a number of retailers are bundling the latest, XBOX One edition of the series with Microsoft’s newest gaming console. The XBOX One is likely one of the most popular gifts this season, particularly among consoles, as reports began surfacing last night that the Microsoft gaming console outsold Sony’s PS4 in November.
The malware, according to Zscaler, has the ability to send multipart text messages, harvest texts from victim devices and send stolen data to a remote command and control server. C&C servers are hard-coded into the applications as bnk7ihekqxp[.]net and googleapiserver[.]net.
“We were able to locate phone numbers belonging to Russian bank Volga-Vyatka Bank of Sberbank of Russia in the malicious application code for which SMS messages are being intercepted to steal sensitive information,” Zscaler researchers wrote. “Another interesting feature we saw is the usage of AES encryption for all the C2 communication. It also harvests the mobile number and Subscriber ID information from the victim device for tracking purposes.”
The application requests a number of permissions, including the ability to access network state, get accounts, access the Internet, process outgoing calls, read external storage, read phone state, read SMS, receive boot completed, receive SMS, send SMS, wake lock, write external storage and write SMS.
MD5 information is available on VirusTotal. The application itself weighs in at 3.25 MB and the file is called assassins_creed.apk with package name com.dsifakf.aoakmnq.
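A triage check built from the indicators reported above, as an added example that is not Zscaler's code or part of the original article: it reads a decoded AndroidManifest.xml and flags the reported package name, the hard-coded C&C domains, or the SMS-plus-boot permission combination. The function names, the three-permission threshold and the sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Permissions the article lists for the Trojanized app.
REPORTED = {P + n for n in (
    "ACCESS_NETWORK_STATE", "GET_ACCOUNTS", "INTERNET", "PROCESS_OUTGOING_CALLS",
    "READ_EXTERNAL_STORAGE", "READ_PHONE_STATE", "READ_SMS",
    "RECEIVE_BOOT_COMPLETED", "RECEIVE_SMS", "SEND_SMS", "WAKE_LOCK",
    "WRITE_EXTERNAL_STORAGE", "WRITE_SMS")}
# Assumption: the subset that is unusual for a game (SMS handling, start at boot).
SMS_CORE = {P + n for n in ("READ_SMS", "RECEIVE_SMS", "SEND_SMS", "WRITE_SMS")}
PERSIST = P + "RECEIVE_BOOT_COMPLETED"
# Indicators from the article, stored defanged and refanged only for matching.
C2_DEFANGED = ("bnk7ihekqxp[.]net", "googleapiserver[.]net")
PACKAGE = "com.dsifakf.aoakmnq"

def triage(manifest_xml, strings=()):
    """Score a decoded manifest plus optional strings extracted from the APK."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    c2 = [d.replace("[.]", ".") for d in C2_DEFANGED]
    findings = {
        "package_match": root.get("package") == PACKAGE,
        "sms_permissions": sorted(p[len(P):] for p in perms & SMS_CORE),
        "boot_persistence": PERSIST in perms,
        "reported_overlap": len(perms & REPORTED),
        "c2_hits": sorted({d for d in c2 for s in strings if d in s.lower()}),
    }
    # Assumed rule: a known indicator, or 3+ SMS permissions together with boot start.
    findings["suspicious"] = (findings["package_match"] or bool(findings["c2_hits"])
        or (len(findings["sms_permissions"]) >= 3 and findings["boot_persistence"]))
    return findings

# Constructed sample manifests (shaped like decoder output), not the real sample.
def _manifest(package, names):
    uses = "".join('<uses-permission android:name="%s%s"/>' % (P, n) for n in names)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">%s</manifest>' % (package, uses))

SAMPLE_TROJAN = _manifest(PACKAGE, [p[len(P):] for p in sorted(REPORTED)])
SAMPLE_GAME = _manifest("com.example.game", ["INTERNET", "WAKE_LOCK", "ACCESS_NETWORK_STATE"])

if __name__ == "__main__":
    print(triage(SAMPLE_TROJAN, ["host=" + C2_DEFANGED[0].replace("[.]", ".")]))
    print(triage(SAMPLE_GAME))
```

The permission rule alone also matches legitimate SMS apps, so treat a hit without a package or domain match as a prompt for closer inspection of a sideloaded game, not as a verdict.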
If users stick to the official Google Play store and avoid downloading pirated apps, then they won’t have to worry about downloading this particular malware.