This Trojan masquerades as Google Play to hide on your phone in plain sight


A new Trojan has been unmasked by researchers which pretends to be a Google service on infected Android devices.

The malware, dubbed “GPlayed,” is a Trojan which labels itself “Google Play Marketplace” and uses a very similar icon to the standard Google Play app in order to dupe victims into believing the software is legitimate.

According to researchers from Cisco Talos, GPlayed is “extremely powerful” and its key strengths are flexibility and the ability to adapt after deployment.

The Trojan contains a number of interesting built-in capabilities. Written in .NET using the Xamarin mobile environment, GPlayed’s main .DLL is called Reznov, which, in turn, contains a root class called “eClient.”