
Malicious Android Game With Over 50,000 Downloads Found Stealing Users’ Personal Data

  • Known as “Scary Granny ZOMBY Mod: The Horror Game 2019”, the malicious application had features similar to another game called Granny.
  • It was reported that this fake game accessed personal data once users provided their Google credentials.

Security researchers have uncovered a malicious application that was siphoning users' personal data under the pretense of being a game. The application, masquerading as a puzzle game, was stealing data from users’ Google accounts.

Known as “Scary Granny ZOMBY Mod: The Horror Game 2019”, it had features similar to another popular game called Granny. The app had around 50,000 downloads on Google Play Store. Researchers from security firm Wandera, who discovered this malicious app, provided a detailed analysis to CyberScoop.

The big picture

  • When users loaded a game session in the app, a full-screen advertisement would pop up asking them to pay 18 pounds ($22).
  • After this, for a fraction of users, a phishing page impersonating Google Sign In was displayed. Entering the credentials let the app log in to the Google account and access private data.
  • Wandera researchers indicated that this app acted in malicious ways only on Android phones running versions prior to Android Oreo.
  • Further investigation revealed that the app also had an adware file that sought root privileges on the device OS.

Worth noting

Michael Covington, VP of Product at Wandera, told CyberScoop that the “Scary Granny” app recorded sensitive data after it accessed users’ Google accounts. “It’s logging into the profile section of your Gmail and going through tab by tab and taking screenshots of your personal information. It’s taking all of that data and sending it somewhere,” Covington said.

Upon notifying Google, the app was removed from the Play Store. However, the developer of this app is still unknown as it was registered under a bogus name and a fake email address.
