This Scary Game Stole Passwords From Thousands of Android Users
Security researchers with Wandera recently discovered that a seemingly legitimate Android mobile game available on Google Play actually targeted users with adware, and phishing attacks aimed at stealing Google account credentials. The game, called Scary Granny, was downloaded by 50,000 users before Google was informed about is malicious nature by Wandera and removed it from the official Android app store.
While Google has put protections in place to prevent threat actors from uploading malware to the Play Store, the makers behind Scary Granny succeeded in uploading their app for two reasons. First, the app was a fully functional horror game that mimicked a popular game. Second, once installed, the app wouldn’t do anything malicious for the first few days.