{"id":6333,"date":"2014-10-14T12:28:42","date_gmt":"2014-10-14T16:28:42","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=6333"},"modified":"2019-11-15T07:11:26","modified_gmt":"2019-11-15T12:11:26","slug":"spyware-games","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/spyware-games\/6333\/","title":{"rendered":"The Tic Tac Toe Game Spies On You"},"content":{"rendered":"<p><strong>UPDATE<\/strong>: <em>It has been brought to our attention that the following application was actually a proof-of-concept developed by Lacoon Security. This article has been amended in certain places to reflect that reality and that the app is not publicly available. However, the content of and advice contained within this article remain relevant, as an attacker could easily build a similar, publicly available application, which is exactly why Lacoon\u2019s research is so useful.*<\/em><\/p>\n<p>What does a spy need in order to gather information about a victim? He has to establish round-the-clock surveillance that involves several people, then secretly install hidden cameras and microphones, and maybe even steal the victim\u2019s smartphone (and its password, of course). However, these days you can get all of the necessary information in a much simpler way: simply release a free mobile game and wait for the moment when a victim installs it. Unfortunately, this is no oversimplification. Just one simple smartphone app can provide a criminal with a lot of information about a person. Want proof? Experts from Kaspersky Lab have it.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>A proof-of-concept Tic Tac Toe game for Android can spy on you and read your SMS messages and emails<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2F2qJG&amp;text=A+proof-of-concept+Tic+Tac+Toe+game+for+Android+can+spy+on+you+and+read+your+SMS+messages+and+emails\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p>Tic Tac Toe is a simple and easy-to-find game for Android devices, but just as you shouldn\u2019t judge a book by its cover, it\u2019s also a bad idea to think that any app is just a game and nothing more. In reality, this proof-of-concept is a spying tool that is powered by what Kaspersky Researchers are calling the Gomal Trojan, which can steal private data, record a smartphone owner\u2019s voice and even read SMS messages and emails that are stored on a device. Even more importantly, these actions are possible \u2013 both within this experimental app and any other real world one \u2013 because a careless user is granting permission for each right that this malware asks for.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2014\/10\/06042405\/krestik_1-1.jpg\"><img decoding=\"async\" class=\"alignleft wp-image-6336\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2014\/10\/06042405\/krestik_1-1.jpg\" alt=\"krestik_1 (1)\" width=\"242\" height=\"430\"><\/a><\/p>\n<p>This Tic Tac Toe game is asking for many more things than a normal game would have access to. The list of permissions requested by the game is astonishing. For example, it needs to have access to the Internet, the user\u2019s contacts and SMS archive, and also wants to be able to process calls and record sound. The result is predictable: after a user installs and starts the game, the Trojan travels almost everywhere in the smartphone, including memory due to an exploit used to obtain root privileges.<\/p>\n<p>This allows it to steal not only SMS messages and some personal data, but also read emails from an app called Good for Enterprise, if it\u2019s installed on the smartphone. The Good for Enterprise application is positioned as a secure email client for corporate use, so the theft of data from it can mean serious problems for the company where the owner of the device is employed. Therefore, the person could not only lose his or her work, but could also leave the company in huge trouble.<\/p>\n<div class=\"pullquote\">The game starts spying only after a careless user gives it permission to access almost everything on the device.<\/div>\n<p>Actually Tic Tac Toe is not the first of its kind: attempts by cybercriminals to disguise malware as useful applications are common, almost to the point of being routine. However, this game seems to be a new kind of mobile malware, which can steal messages even from secured apps. This game was made to \u201cwork\u201d only with the Good for Enterprise app, but principles upon which this technique is based could be used to steal data from almost any messaging app such as WhatsApp, Viber, you name it.<\/p>\n<p>However, you can easily reduce the risk of infection by mobile malware like this one if you follow our recommendations:<\/p>\n<ul>\n<li>Do not activate the \u201cInstall applications from third-party sources\u201d option.<\/li>\n<li>Only install applications from official outlets (Google Play, Amazon Store, etc.).<\/li>\n<li>When installing new apps, carefully study the rights that they request.<\/li>\n<li>If the requested rights do not correspond with the app\u2019s intended functions, then do not install the app.<\/li>\n<li>Use protection software.<\/li>\n<\/ul>\n<p><em>*You\u2019ll notice that we have continued to refer to this application as malicious throughout this article. This is not because we are taking a hardline here, but rather that as a security company, Kaspersky Lab detects all forms of malware, regardless of their origin or purpose. Kaspersky Lab received samples of the Tic Tac Toe game through a malware exchange with other antivirus companies,<strong> and it was not marked as a proof-of-concept at this time<\/strong>. We saw several potentially malicious functions in this app, and a thorough analysis of TicTacToe revealed that the game code accounted for less than 30% of the executable file\u2019s size. The rest is of the functionality is intended for monitoring users and obtaining personal data. It is for this reason that we began the investigation and reported the incident to the public.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>One simple Android game can get as much information about the smartphone\u2019s owner as a real spy can.<\/p>\n","protected":false},"author":214,"featured_media":6334,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[105,846,584,97,845,131,723],"class_list":{"0":"post-6333","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-android","9":"tag-gomal","10":"tag-mobile","11":"tag-security-2","12":"tag-tic-tac-toe","13":"tag-tips","14":"tag-trojans"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/spyware-games\/6333\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/spyware-games\/4244\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/spyware-games\/4154\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/spyware-games\/4677\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/spyware-games\/4906\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/spyware-games\/5633\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/spyware-games\/5633\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/spyware-games\/6333\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/spyware-games\/6333\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/tips\/","name":"tips"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/6333","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/214"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=6333"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/6333\/revisions"}],"predecessor-version":[{"id":30686,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/6333\/revisions\/30686"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/6334"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=6333"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=6333"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=6333"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}