VERY IMPORTANT

We at ESET recently discovered an interesting stealth attack on Android users, an app that is a regular game but with one interesting addition: the application was bundled with another application with the name systemdata or resourcea and that’s certainly a bit fishy. Why would a regular game downloaded from the official Google Play store come with another application named systemdata? This particular application/game from Google Play Store is certainly not a system application, as the name seems intended to suggest. The packaged application is dropped silently onto the device but has to ask the user to actually install it. The app requesting the installation is passed off as a ‘Manage Settings’ app. After installation, the application runs in the background as service. ESET detects the games that install the Trojan as Android/TrojanDropper.Mapin and the Trojan itself as Android/Mapin.