GPlayed Trojan Can Disguise Itself As Google Play Store On Your Android Phone

Last updated June 14, 2021
Written by:
Nitish Singh
Source: GPlayed Trojan / Talos Intelligence

It has been a rough week for Google with the shutdown of Google Plus due to a data leak and criticism coming at the company from all ends. The tech giant is trying to make amends with new security measures in place, but there is yet more troubling news for the company’s mobile platform. A new trojan has been discovered which disguises itself as the Google Play Store and can hide in plain sight on Android devices.

GPlayed Trojan

Image Courtesy of Cisco

The trojan was analyzed by security researchers from Cisco Talos, and it was revealed that “What makes this malware extremely powerful is the capability to adapt after it's deployed. In order to achieve this adaptability, the operator has the capability to remotely load plugins, inject scripts and even compile new .NET code that can be executed.”

Even though the malware is in its testing stages, it is quite potent and can fool the average user into thinking that it is a legitimate app by Google. The GPlayed malware is capable of storing banking credentials, monitor device location, steal device data, log keys and other personal data.

After a Google Android device has been infected, the Trojan registers it to the malware’s command and control server, allowing attackers to steal data. Infected devices have all incoming SMSes transferred to the attacker, allowing them to tap into any two-factor authentication passwords or SMS protect codes for breaking into personal accounts.

The trojan is also capable of escalating privileges on Google Android devices to access device settings. It leads to prompts that are visible to the user, but the malware is designed to repeatedly create popups on a timer. After a user allows access to the app, a seemingly legitimate page pops up requesting payment details to continue getting access to Google services. Victims who enter their details have information stolen by attackers.

GPlayed has already been submitted to antivirus detection platforms, and Google is aware of the malicious program. Google’s Play Store is meant to be a secure platform for delivering apps, and most users choose to download their apps from the Play Store instead of relying on direct downloads from developers or third parties. However, in this case, the vulnerability in the platform can put many to unrest.

What do you think about the GPlayed trojan? Let us know in the comments below. And also, don’t forget to follow us on Facebook and Twitter. Thanks!



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: