×

Hackers use fake mobile games to steal data

Hackers are packing malicious viruses into fake mobile Nintendo games to infect Android devices, a new report reveals.

The malware – or malicious software – known as "Gunpoder" has the ability to steal personal information as well as take payments.

Attackers embed malicious code into what is known as Nintendo Entertainment System (NES) emulator, according to Palo Alto Networks's report. This NES app, not affiliated to Nintendo, lets you play very old games from the Japanese company such as Super Mario on your mobile device.

Once a user downloads the app, a pop-up appears with terms and conditions telling the user that the software has advertisements and collects data from your device and share it with third parties. By tapping "ok" the user is giving permission for Airpush -- software that allows developers to show ads within their app -- to carry out a data collection.

Soren Hald | Getty Images

When the user is past this stage, another pop-up asks if they would like to pay a "lifelong" subscription for the service. Using an online payment method such as PayPal or Skrill, users will be asked to pay between $0.29 or $0.49.

Now the hackers are able to steal personal data such as location and contacts as well take money from users. By obtaining these details, hackers can carry out more targeted attacks such as sending a personalized email or text message with a malicious link.

Due to the use of Airpush, the Gunpoder malware was able to evade antivirus software. Airpush is a legitimate third-party ad software that has "aggressive" data collection practices. But antivirus software labels Airpush as "adware" – or advertising software – and does not see it as dangerous. Because Airpush was included as part of the malware, the antivirus software was tricked and didn't block it.

Read More5 billion Android apps open to hack

"The inclusion of the Airpush advertisement library causes many antivirus programs to simply label Gunpoder samples as adware, which is often not blocked by default. This allows some of the more malicious activity present in Gunpoder to continue unnoticed," Palo Alto noted.

The NES app would also automatically send out text messages to a gamer's contact list containing a malicious link in order to spread the malware.

Gunpoder targets Android users in at least 13 different countries, including Iraq, Thailand, India, Indonesia, South Africa, Russia, France, Mexico, Brazil, Saudi Arabia, Italy, the United States, and Spain, Palo Alto said.

Google and Airpush were not available for comment.