The Tic Tac Toe Game Spies On You

One simple Android game can get as much information about the smartphone’s owner as a real spy can.

What does a spy need in order to gather information about a victim? He has to establish round-the-clock surveillance that involves several people, then secretly install hidden cameras and microphones, and maybe even steal the victim’s smartphone (and its password, of course). However, these days you can get all of the necessary information in a much simpler way: simply release a free mobile game and wait for the moment when a victim installs it. Unfortunately, this is no oversimplification. Just one simple smartphone app can provide a criminal with a lot of information about a person. Want proof? Experts from Kaspersky Lab have it.

Tic Tac Toe is a simple and easy-to-find game for Android devices, but just as you shouldn’t judge a book by its cover, it’s also a bad idea to think that this app is just a game and nothing more. In reality, Tic Tac Toe is a decent spying tool that is powered by the Gomal Trojan, which can steal private data, record a smartphone owner’s voice and even read SMS messages and emails that are stored on a device. Even more importantly, all of these actions are possible because a careless user is granting permission for each right that this malware asks for.

krestik_1 (1)

And Tic Tac Toe is asking for many more things than a normal game would have access to. The list of permissions requested by the game is astonishing. For example, it needs to have access to the Internet, the user’s contacts and SMS archive, and also wants to be able to process calls and record sound. The result is predictable: after a user installs and starts the game, the Trojan travels almost everywhere in the smartphone, including memory due to an exploit used to obtain root privileges. This allows it to steal not only SMS messages and some personal data, but also read emails from an app called Good for Enterprise, if it’s installed on the smartphone. The Good for Enterprise application is positioned as a secure email client for corporate use, so the theft of data from it can mean serious problems for the company where the owner of the device is employed. Therefore, the person could not only lose his or her work, but could also leave the company in huge trouble.

The game starts spying only after a careless user gives it permission to access almost everything on the device.

Actually Tic Tac Toe is not the first of its kind: attempts by cybercriminals to disguise malware as useful applications are common, almost to the point of being routine. However, this game seems to be a new kind of mobile malware, which can steal messages even from secured apps. This game was made to “work” only with the Good for Enterprise app, but principles upon which this technique is based could be used to steal data from almost any messaging app such as WhatsApp, Viber, you name it.

However, you can easily reduce the risk of infection by mobile malware like this one if you follow our recommendations:

  • Do not activate the “Install applications from third-party sources” option.
  • Only install applications from official outlets (Google Play, Amazon Store, etc.).
  • When installing new apps, carefully study the rights that they request.
  • If the requested rights do not correspond with the app’s intended functions, then do not install the app.
  • Use protection software.