Malware-laden Android Games caught spreading Adware to more than 4.5 million Android users

An Android app component designed to provide inter-user chatting capabilities was found to be opening websites and clicking on ads in Android devices’ background. This malicious component, according to a report released last week, is part of a software development kit or SDK offered by a Chinese company is known as呀呀云 (Ya Ya Yun).

A lot of Android app developers use the software development kit of Ya Ya Yun in adding an instant messaging feature to the games that they create. Meaning to say, Android games use the SDK for chat purposes and will free up developers to cater to other features of the game. This kind of design practice of using an SDK to offload many app features to remote services is actually dangerous as it provides access to a remote company which can take control over the app.

So for the Android game developers who selected the Ya Ya Yun SDK, it was a definitely a mistake they shouldn’t make again. According to a Russian antivirus vendor Dr. Web, their mobile security researchers were able to spot the apps that contain this SDK on the official Google Play Store. As it turns out, these apps were also downloading other components that are hidden inside benign images according to Dr. Web.

The Ya Ya Yun SDK was caught downloading these benign images, unpacking the malicious component inside as well as running it on the infected device. So far, the malicious components that the SDK downloaded only opened a URL inside a hidden browser and clicked on ads which obviously are for the benefit of the crooks. However, security experts claimed that this could escalate to more malicious actions.

“Virus writers are capable of creating additional Trojan modules that will perform other malicious actions. For example, display phishing windows to steal login credentials, show advertising, and also covertly download and install applications,” stated some security experts of Dr. Web on the report they published a week ago.

Security experts were able to identify this malicious behavior on 27 Android games that are all available in the Google Play Store which are installed in over 4.5 million devices. Google was already notified regarding this issue and have yet to comment. But still, eight days after Dr. Web’s report was released to the public, the reported apps are still available on the Play Store so there’s that.

In these kinds of cases, Google usually deactivates the reported malware-laden apps until the developer themselves remove the malicious component. Even though some of the apps are still available up to this day, they might no longer contain the malicious behavior anymore but it’s still better to be safe than sorry so below is the list of the apps containing the Ya Ya Yun’s SDK: