Android Malware Disguises Itself as “The Roar of the Pharaoh” Game


Malware continues to target the Android mobile platform: Network World reported that a legitimate Chinese game, “The Roar of the Pharaoh,” has a Trojan clone that attacks Android devices. According to Chester Wisniewski of Sophos, it is a malicious application that collects user information such as phone numbers, platform and OS version from the Android device it lands on, and shares it with various malware authors. He also added:

“Like many other mobile Trojans, this one sends SMS messages to premium rate SMS numbers and is capable of reading your SMSs as well.”

Sophos identified the Android malware as Andr/Stinite-A, and it doesn’t require any permission before installation. This simply means that the application is indeed up to no good. The Roar of the Pharaoh itself, on the other hand, is a legitimate Chinese game, although its Android app is believed not to be distributed through Google Play.

Mobile Malware and SMS Scams

As with the Android malware that mimicked the Netflix app, it’s easy for mobile Trojans to execute SMS scams because telecommunication companies provide the payment processing, and the malware authors will be long gone after they get the money and before the user receives the phone bill carrying the fraudulent charges. Malware authors are fond of laundering money through mobile devices, especially in Europe and Asia, because they can set up premium-rate SMS numbers without difficulty.

Besides executing SMS scams, the Trojan also connects to four .com domains using the “tgloader-android” path. Simply put, the malware wants to be referred to as TGLoader by other platforms. In relation to this, the source of the fraudulent Roar of the Pharaoh was branded as “GameUpdate Service.” Although it sounds like a valid name for an application, it is part of the campaign’s social engineering.
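
One way to check web proxy logs for the “tgloader-android” path mentioned above, as an added example that is not from the original article or from Sophos. The log format, the sample lines and the `.example` hostnames are constructed assumptions, since the article does not name the four domains.

```python
from collections import defaultdict
from urllib.parse import urlsplit, unquote

INDICATOR = "tgloader-android"  # path component named in the article

# Constructed sample proxy log: "<timestamp> <client_ip> <method> <url>".
# Hostnames are placeholders; the real domains are not given in the article.
SAMPLE_LOG = """\
2024-01-01T10:01:02Z 10.0.0.21 GET http://updates.game-a.example/tgloader-android/init
2024-01-01T10:01:05Z 10.0.0.21 POST http://cdn.game-b.example/TGLoader-Android/report?id=1
2024-01-01T10:02:11Z 10.0.0.34 GET http://play.example/store/apps/details?id=roar
2024-01-01T10:03:40Z 10.0.0.21 GET http://cdn.game-b.example/%74gloader-android/cfg
2024-01-01T10:04:00Z 10.0.0.50 GET http://blog.example/search?q=tgloader-android
malformed line
"""


def path_has_indicator(url):
    """True when a URL path segment equals the indicator.

    The path is percent-decoded and lower-cased first, so simple encoding or
    case changes do not hide it. The query string is ignored, which keeps a
    user merely searching for the term from being flagged.
    """
    path = unquote(urlsplit(url).path).lower()
    return INDICATOR in path.split("/")


def find_beaconing_clients(log_text):
    """Map each client IP to the set of hosts it contacted over the path."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not match the assumed format
        _, client, _, url = fields
        if path_has_indicator(url):
            hits[client].add(urlsplit(url).hostname)
    return dict(hits)


if __name__ == "__main__":
    for client, hosts in sorted(find_beaconing_clients(SAMPLE_LOG).items()):
        print(f"{client}: {len(hosts)} host(s) via /{INDICATOR}/ -> {sorted(hosts)}")
```

A single device reaching several unrelated hosts over the same path is a stronger signal than one isolated hit.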


Zscaler’s Vice President of Security Research Michael Sutton said that the fraudulent Android app indicates the shift of malware authors to Android devices. He also added that Trojans disguised as mobile games are increasing and are becoming the typical Android scam at the moment.

Meanwhile, a legitimate Android app with a Trojan clone can pose a challenge to users, as it is being distributed through various download sites. Because of the recent Android malware report, users are advised to install mobile apps from legitimate or official sources only, since brandjacking could also be prevalent on other sources. This is to guarantee the safety of user information, as well as to protect mobile owners from SMS scams.
