Infected Fake Versions of Arcade Games on Google Play Threatened Players with Nasty Trojans

Next story

ESET has recently published research on trojan that affected several gaming apps on Android platform. After carefully reviewing our original blogpost and accompanying press release, we are providing an explanation of the facts, since they have been misinterpreted: The authors of the Mapin trojan have taken legitimate clean code of popular games, added malicious code and uploaded a new package to Google Play, as well as alternate Android app stores. The application names were chosen intentionally to resemble the genuine apps. The code was distributed under a different developer name, and was not signed using the official release code signing certificate belonging to the legitimate companies, such as King. Also, the clean versions of the applications on the Google Play store were not affected. It is a very common malware technique to parasitize on the popularity of legitimate applications.These apps were not connected to the genuine gaming apps like Candy Crush Saga (produced by the King company). After careful review of our blogpost and accompanying press release in order to prevent further misunderstandings we have adjusted  our blogposts, press release on ESET HQ communication channels – as well as on local websites such as in India which are operated by separate partner companies and with local content.  We apologize for inconvenience caused by the phrasing to the genuine gaming companies. At ESET we are putting in place another review layer for our content, so such misunderstanding does not repeat in the future. 


ESET recently discovered an interesting stealth attack on Android users. Cybercriminals created fake version of popular arcade games such as Plants vs Zombies, Candy Crush or Super Hero Adventure to deliver backdoor Trojan directly onto victims‘ devices. ESET offers in-depth analysis of this Trojan dropper on These malicious downloads were made available on the official Google Play Store.

ESET telemetry detects fake versions of arcade games that install the Trojan as Android/TrojanDropper.Mapin and the Trojan itself as Android/Mapin. This malware is capable of taking control of victim’s device and make it part of a botnet under attacker’s control. Moreover, Android/Mapin has one addition that makes the detection more complicated – a timer that delays the execution of the malicious payload so victims won’t suspect a game infected their device.

„Some variants of Android/Mapin takes minimum of three days to achieve full Trojan functionality. It may also be one of the reasons why the TrojanDownloader was able to evade Google’s Bouncer malware prevention system,“ says Lukáš Štefanko, Malware Researcher at ESET.

Android/Mapin was able to sneak in Google Play and several alternative Android markets as fake versions of the popular games: Plants vs zombies, Plants vs Zombies 2, Subway suffers, Traffic Racer, Temple Run 2 Zombies, Super Hero Adventure, Candy Crush, Jewel Crush, Racing Rivals and others. Trojan pretends to be a Google Play Update or an application named Manage Settings. According to Štefanko there is possibility that this threat is still under development and the trojan may be improved in the future. Read the whole story on

About ESET

Since 1987, ESET® has been developing award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 180 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires. For more information visit or follow us on LinkedInFacebook and Twitter.