A new family of Android malware adds insult to injury by making users pay for the data-stealing application.Palo Alto Networks found three variants of the malware, which it calls Gunpoder, masquerading as emulator applications used to play Nintendo games.Antivirus engines are having trouble detecting Gunpoder’s malicious code since it is packaged with an adware library called Airpush, wrote Cong Zheng and Zhi Xu of Palo Alto’s Unit 42 research group.[ ALSO ON CSO: Android malware fakes phone shutdown to steal data ] “The malware samples successfully use these advertisement libraries to hide malicious behaviors from detection by antivirus engines,” they wrote. “While antivirus engines may flag Gunpoder as being adware, by not flagging it as being overtly malicious, most engines will not prevent Gunpoder from executing.”Gunpoder apps can do a variety of invasive actions, including collecting bookmarks and browser histories, sending itself to other people over SMS, showing fraudulent advertisements and executing other code. And users get to pay for that data-stealing capability. When a Gunpoder app is launched, it asks users to buy a lifelong license for the emulator for US$0.20 or $0.49, payable through PayPal or Skrill.So far, Gunpoder appears to be targeting people in Iraq, Thailand, India, Indonesia, South Africa, Russia, France, Mexico, Brazil, Saudi Arabia, Italy, the U.S. and Spain, Palo Alto said.Curiously, the malware is programmed to not send itself by SMS to other numbers in a phone’s contact list if the user is in China.Its coders have also co-opted the Airpush advertising library with a fraudulent ad.“The fraudulent advertisement page attempts to mimic a Facebook page,” Palo Alto wrote. “It requests that victims finish a number of surveys and asks them to install various applications in order to receive a gift.”Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk Related content news UK CSO 30 Awards 2023 winners announced By Romy Tuin Dec 05, 2023 4 mins CSO and CISO news analysis Deepfakes emerge as a top security threat ahead of the 2024 US election As the US enters a critical election year, AI-generated threats, particularly deepfakes, are emerging as a top security issue, with no reliable tools yet in place to combat them. By Cynthia Brumfield Dec 05, 2023 7 mins Election Hacking Government Security Practices feature How cybersecurity teams should prepare for geopolitical crisis spillover CISOs can anticipate and prepare for cyberattacks conducted by participants in geopolitical conflict such as the Israel/Hamas war by understanding the threat actors' motivations and goals. By Christopher Whyte Dec 05, 2023 12 mins Advanced Persistent Threats Threat and Vulnerability Management Risk Management news analysis P2Pinfect Redis worm targets IoT with version for MIPS devices New versions of the worm include some novel approaches to infecting routers and internet-of-things devices, according to a report by Cado Security. By Lucian Constantin Dec 04, 2023 5 mins Botnets Hacker Groups Security Practices Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe