Android may have security features built into the operating software that reduce the chances of a security breach but Android users and Nintendo fans should be on guard. There’s a new piece of Android malware on the loose that is showing up in third-party app stores dressed as a classic Nintendo game. First identified by cyber-security firm Palo Alto Networks, this malware is said to look and act like advertising software. Its main goal is to steal your personal information.

gunpoder

The malware infecting Android devices is hidden in a gaming app and better known as Gunpoder. Based on an open-source Nintendo Entertainment System (NES) emulator, the app is being downloaded by 1980s and 1990s Nintendo games fans. It’s available via third party app stores. But how does it work?

Once the app has been downloaded the app displays a message that says it is ad supported. When you tap “OK” you are agreeing to let a program called Airpush collect data from your Android device. Airpush is regularly used to push in app mobile adds. In this case however, using the NES emulator, it collects personal information including location, contacts, and information about the device you’re using. “They’re trying to build a profile of people so they can target them for spearfishing or other malicious activity in the future,” says Scott Simkin, the senior threat intelligence manager at Palo Alto Networks.

After agreeing to have your data collected, the app dishes out another notice asking users to purchase a “Lifelong License” for the small fee of $0.45. If you do so, the app will collect your payment info and charge you the pocket change fee. Palo Alto Networks says that using Airpush allows Gunpoder to avoid detection by antivirus software since most antivirus software doesn’t block or detect adware as malware.

For more detailed information regarding Gunpoder, you can read Palo Alto Network’s research release here.