I’ve been banging on about gaming again – this time to our editor, Ben. I’d been talking about the utterly fantastic Temple Run 2, which I’ve been addicted to ever since I found it on the Google Play store.
But as soon as I mentioned the Android app store, Ben let me have it. “There’s so much dodgy stuff on there – it’s all malware,” he said, before reeling off a whole load of reasons why he likes his BlackBerry Z10 better than my HTC One (that’s another conversation entirely).
“Rubbish!” I retorted. “Google’s sorted it out. And anyway, any malware on there is so obviously malware that you’d have to be a moron to download it.”
You can imagine the glee in Ben’s eyes, then, when I sheepishly told him – just three days later – that I’d managed to download some malware onto my phone.
The culprit was what purported to be Temple Run 3. Seeing the recommendation, I clicked on it without hesitation, but when I opened the app, I simply saw a pixelated version of the Temple Run 2 home screen. Feeling a sense of apprehension, I closed the app straight away and uninstalled it.
I was right to do so. Looking back to the app’s page on the Google Play store, I saw that it was full of tell-tale signs. For example, the developer, which had some generic, tech-sounding name, had no other apps on its page. What’s more, the copy to describe the app had been lifted from the genuine Temple Run: Brave page. Screenshots, meanwhile, were lifted from another game in the Temple Run series.
The comments section is where things really got interesting. People complained about having to input personal details before playing the game, which turned out to be exactly the same as Temple Run 2.
Now, I don’t know if this really was a piece of malware, but the signs certainly suggest so. What I saw is eerily reminiscent of what’s described in this recent Phandroid article, which advises people to stay away from two apps purporting to be free versions of popular games – one of them being Temple Run: Oz.
Meanwhile, there are scores of articles across the Internet warning users that hackers are using the popularity of the Temple Run series to insert malware on phones. These date back as far as February 6, 2012, when Trend Micro found a fake version of the first Temple Run game on the Android Market – as it was then called – even though the genuine game was only available on iOS at the time.
I don’t know why I was surprised to learn this – all the big security vendors have been saying for years that Android is being increasingly targeted by hackers, so why wouldn’t they use the lure of such a popular game?
Funnily enough, I went to the Trend Micro office in Dubai today. The security vendor’s team wanted to show me how easy it was to get infected with mobile malware – and indeed how easy it was to infect someone else if you wanted. A lot of the tools are available for anyone to buy – all you have to do is find out where to look. What’s more, the team said, if you do decide to get involved in the mobile malware game, you’re virtually undetectable.
The things that cyber-criminals are able to do with your phone are terrifying. Just one accidental download can land you with undetected malware that will, for example, send SMS messages to premium numbers without you knowing. The local Trend team described one case in which someone lost about $150 per month via this type of malware.
Another case saw a cyber-criminal take complete control of a smartphone by sending the user what looked like a legitimate text message. Again, anyone can do this. And once you have infected someone’s device, you have access to call logs, messages and emails – you can even record phone conversations or turn on the microphone to listen in on what’s happening in the room.
So what did my Temple Run 3 malware do? To be honest, I think I was lucky – my mobile bill isn’t showing anything out of the ordinary, and my – newly installed – mobile security suite says everything is A-okay. For everyone else, you don’t seem to have anything to worry about – I can’t find anything about this piece of malware online, and it doesn’t appear to be on the Play store anymore.
Having told Ben all of this, he rolled his eyes and said, “If you weren’t a tech journalist, you’d have been done.”
Then he laughed in my face. And I suppose he had a right to – despite my assertions, the Play store is still something of a minefield.