In our daily monitoring of the mobile threat landscape, we found a copy of the game Temple Run in the Android Market. Temple Run is a popular game app currently available for iOS only. I checked the app and immediately noticed something odd about it, so I decided to analyze it to see if my doubts had any basis.

This copy of Temple Run (or so it claims) is listed as available on the Android Market. But if you check the information on the game developer, you'll see that it is not the same developer as the one indicated in the iOS version, which is Imangi Studios.

Once the application is installed and run, it creates shortcuts on the infected smartphone's home screen. If the Android-based device has Facebook installed, it asks the user to share the fake app on Facebook before playing the game. It also prompts the user to rate the application in the Android Market, and it is capable of displaying ads through the device's notifications. Once the user has shared and rated the app, it displays a countdown to the app's release instead of showing the actual game.

We classify this type of app as malware because of its aggressive advertising method. Trend Micro currently detects this fake Temple Run app as ANDROIDOS_FAKERUN.A. We reported this to Google and they immediately removed it from the Android Market.

We have since found other apps doing a similar trick, so users should always be cautious when downloading apps onto their mobile devices. The use of popular games is not really new, as we've already encountered other Android malware that has used them to hide its malicious activities:
- New Android Malware on the Road: GoldDream "Catcher"
- Trojanized Android App Checks for Keywords in SMS Messages