Zombie game for Android found to be stealing personal data

Scary Granny ZOMBY Mod, downloaded 50,000 times, was harvesting credentials, researchers found

An Android game called Scary Granny ZOMBY Mod: The Horror Game 2019 has been discovered to be maliciously targeting users to steal personal data.

The game was downloaded over 50,000 times before researchers from the mobile security company Wandera identified the application as potentially harmful to users. The app would ask some users to enter their Google account details. The victim's username and password would then be used to collect personal data from the account with as yet unknown intent, according to a report by Cyberscoop.

The malicious app seemed only to target newer Android phones, with operating systems released after Oreo. It is unknown how many of the 50,000 users' had their data compromised.

The app is a clear take on Granny, which has more than 100 million downloads on the Google Play Store to date.

The app listing on the Play Store said that in-app purchases would feature, but the large number of full-screen advertisements and borderline unavoidable payments that featured on the app were excessive, even in the world of online games. And although the app was listed as free on the Play Store, upon opening the app users were informed that in order to close the first full-screen ad and access the game, a total of £18 would have to be paid. While it was possible to avoid this payment, the screen automatically populated with some of the users' wallet information.

When asking for Google account details, the game would place a seemingly unclosable page on the user's screen that faked a Google login page, asking users to "sing in" rather than sign in. While victims were using the app, the account details would be used to find their recovery email address, recovery phone numbers, birth date, verification codes, as well as some cookies and tokens.

"There is no doubt in my mind that this app is malicious and puts private user data at risk," Michael Covington, vice president of product at Wandera, told Cyberscoop. "It's logging into the profile section of your Gmail and going through tab by tab and taking screenshots of your personal information. It's taking all of that data and sending it somewhere."

The developer of the game was given as Top Games Studio.,jlk. The developer's site directed to an unregistered domain and the email address listed on the Play Store was fake. No other games on the Play store were found from this developer. The game has now been removed.