“Scary Granny ZOMBYE Mod: The Horror Game 2019” was a horror game that mimicked another popular Android game “Granny”. Users were tasked with running away from zombies while uncovering extra lives and various weapons. The game was installed over 50,000 times and boasted a 4-star review in the Google Play store before it was removed on June 27th.
Security researchers at the mobile security solutions company Wandera discovered that the game was covertly stealing data. The app particularly targeted those who did not have the latest Android OS. It featured a time-release function and would act normally for several days before displaying malicious behavior. After a few days, the app would display a notification that encouraged users to update their Google security information. The user would then be taken to a fake Google sign-in page whose package name was very similar to Google’s legitimate one.
The app was fairly persistent. It would ask for permission to be launched when the device was rebooted. It would then display its fake Google overlay and take up the device’s entire screen. Through these methods the app was able to steal users’ recovery emails, recovery phone numbers, birthdays, verification codes, and cookies and tokens. Although the researchers were unable to confirm whether the app was stealing users’ Facebook data, the app did contain a suspicious Facebook package name. It appears that the attackers were working towards being able to steal this information too.
The app also included fake ads for apps such as Amazon, Hulu, Instagram, and Snapchat. The researchers believe that the attackers were trying to get users to download even more malicious apps. They noted that one of the ads redirected them to a page that Google actively blocked.
On top of it all, the app was also trying to drain money from its users. The app would ask whether the user wanted to pay for the game or play a free trial. If the user selected “free trial”, the app would load a PayPal page requesting £18 ($22 USD).
One recent study determined that Google Play hosts a wide variety of counterfeit apps. Although most of these apps are quickly removed, “Scary Granny ZOMBYE Mod: The Horror Game 2019” managed to remain under the radar for quite some time. The researchers believe that the app was above suspicion for a while because it functioned like a legitimate game. The time-release function also meant that it took a few days before the game behaved in a malicious manner. As with any app, it is important to check an app’s permissions before downloading and installing it on your device.
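As an illustration of the permission check recommended above, the following added example (not code from Wandera or from the app) audits a decoded AndroidManifest.xml for the two behaviors described earlier: launching at reboot and drawing a full-screen overlay. The manifest and package name are constructed, and mapping the overlay behavior to `SYSTEM_ALERT_WINDOW` is an assumption, since the article does not name the permissions the app requested.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: the article names no permissions. These are the standard Android
# permissions for starting at boot and for drawing over other apps.
RISKY = {
    "android.permission.RECEIVE_BOOT_COMPLETED": "can start itself after a reboot",
    "android.permission.SYSTEM_ALERT_WINDOW": "can draw overlays on top of other apps",
}

# Constructed sample manifest (hypothetical package, not the real app's manifest).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def audit_manifest(xml_text):
    """Return requested risky permissions, boot receivers and an overall flag."""
    root = ET.fromstring(xml_text)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    # A receiver only runs at boot if it also filters for BOOT_COMPLETED.
    boot_receivers = [
        r.get(ANDROID_NS + "name")
        for r in root.iter("receiver")
        if any(a.get(ANDROID_NS + "name") == "android.intent.action.BOOT_COMPLETED"
               for a in r.iter("action"))
    ]
    findings = [f"{perm}: {why}" for perm, why in RISKY.items() if perm in requested]
    return {
        "package": root.get("package"),
        "findings": findings,
        "boot_receivers": boot_receivers,
        # Boot persistence plus overlay capability is unusual for a simple game.
        "high_risk": len(findings) == len(RISKY) and bool(boot_receivers),
    }


if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

A manifest in this decoded text form can be obtained from an APK with a tool such as apktool; the binary XML inside the APK itself will not parse directly.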