Infected NES games for Android steal your data, text your friends, ask for cash


A nostalgic speed run through Super Mario Bros. on your Android phone could cost you more than a few extra lives, according to a recent report from Palo Alto Networks.

Gunpoder is a nasty family of malware that sneaks in undetected by many antivirus programs under the guise of adware. It’s packaged on classic NES game apps with Airpush, an adware library with many legitimate advertisements. Airpush tells Palo Alto Networks its platform was abused by Gunpoder and it is not responsible for the virus.

How Gunpoder Works

Victims download infected emulated NES games like Super Mario Bros. in the form of .apk files outside of the Google Play Store. These games are not sanctioned by Nintendo, instead using an open-source emulator framework called Nesoid. Once installed, malicious ads start collecting information off your phone.

Gunpoder steals your bookmarks, browser histories, and contact lists. It can then SMS your contacts with a link to download the app, with the message, “a fun game , ^_^ <link>”. The malware also pushes fraudulent advertisements disguised as Facebook pages, which ask you to fill out surveys and install more apps in order to receive a gift.

To make things worse, the app also prompts you to pay for a lifelong license on launch using PayPal or Skrill. Clicking the “cheats” button, which is usually free, also opens the payment dialog. Granted, you’d have to be pretty gullible to pay the 49 cents as the malware’s message is poorly written (”once pay, lifelong owning an incredible arcade game. Great! Certainly!”).

How to avoid Gunpoder

Palo Alto Networks says the trend of repackaging open-source software as harmful apps is a growing one. The easiest way to avoid such attacks is to abstain from app stores that aren’t Google Play. But if you insist on using external app stores, be sure to thoroughly check the app’s permissions, read reviews, and do research on the developer and publisher before installing.

What to do if you think you might be infected with Gunpoder

If you’ve recently been battling Bowser on your Samsung and you think you might be infected, restart the phone in Safe Mode and uninstall the app. In some cases, you may have to disable the app’s administrator status. Find detailed instructions on how to do all this here.

Gunpoder has been identified in thirteen countries so far: the US, Spain, Italy, France, Russia, Thailand, India, Indonesia, Mexico, Brazil, Saudi Arabia, Iraq, and South Africa. Notably, China is missing from that list, and the virus will not send an SMS to users located in China.

How to play Nintendo games without getting infected

Nintendo has been slow to adapt to the smartphone gaming trend, but for those who want to play some classic NES games, plenty of free and safe emulators are available on Google Play. Keep in mind, however, that the ROM files containing the individual games are often not included, and downloading them without paying is akin to piracy.


Featured image: Evan-Amos / The Vanamo Online Game Museum (image has been edited)


  1. For example, if there is a tall building or structure in Angry Birds, you should be inclined to attack the point where the weight rest’s
    on, or the weak point of the structure. West of Cabarete
    might be a known break , which we will not name here. Now cut a felt paper to match the shape of the face of your Angry Bird.

  2. I’ve learned newer and more effective things through your weblog. One other thing I would like to say is that newer pc operating systems have a tendency to allow a lot more memory to be played with, but they likewise demand more memory simply to work. If your computer cannot handle much more memory and the newest application requires that storage increase, it may be the time to shop for a new PC. Thanks

  3. Admiring the time and effort you put into your site and in depth information you offer. It’s great to come across a blog every once in a while that isn’t the same outdated rehashed information. Fantastic read! I’ve bookmarked your site and I’m including your RSS feeds to my Google account.

  4. I have ead several just right stuff here. Certainly
    value bookmarking for revisiting. I woncer how a
    lot effort you put to make this kind of fantastic informative web site.