This Trojan masquerades as Google Play to hide on your phone in plain sight


A new Trojan has been unmasked by researchers which pretends to be a Google service on infected Android devices.

The malware, dubbed “GPlayed,” is a Trojan which labels itself “Google Play Marketplace” and uses a very similar icon to the standard Google Play app in order to dupe victims into believing the software is legitimate.

According to¬†researchers from Cisco Talos, GPlayed is “extremely powerful” and its key strengths are flexibility and the ability to adapt after deployment.

The Trojan contains a number of interesting built-in capabilities. Written in .NET using the Xamarin mobile environment, GPlayed’s main .DLL is called Reznov, which, in turn, contains a root class called “eClient.”