Android Market: thousands affected as 26 new malware apps discovered

Discussion in 'The Water Cooler' started by reghakr, May 31, 2011.

  1. reghakr

    reghakr Excellent Member

    Jan 26, 2009
    Likes Received:
    Over 100,000 Android users may have been affected by malicious apps, as 26 more malware programs have been identified on Google’s Android Market.

    Lookout Mobile Security made the discovery over the weekend, and believes that the rogue software was likely created by the same persons who created the ‘DroidDream’ malware that was discovered in dozens of Android apps a couple of months back.

    The security firm followed up tips from legitimate developers who had noticed that their apps were being redistributed with modified code, and subsequently discovered a new stripped-down version of the same DroidDream code, which they’ve since dubbed ‘Droid Dream Light’.

    Lookout has already informed Google of its discoveries, which has resulted in the offending apps being withdrawn from the Market.

    According to Lookout, once installed on a user’s device, the user doesn’t even have to open the apps for their device to be at risk; the code can be activated by an external triggering event, such as an incoming voice call, which then prompts the device to send data to a remote server, such as the IMEI number and information about installed programs.

    Google may choose to activate its ‘app kill switch’ to remotely wipe the problem programs from users’ devices, but for now, check the list below to see whether or not you may have infected apps installed on your device, and visit Lookout for more information on how to deal with them.

    The list of infected apps includes:

    Magic Photo Studio

    •Sexy Girls: Hot Japanese
    •Sexy Legs
    •HOT Girls 4
    •Beauty Breasts
    •Sex Sound
    •Sex Sound: Japanese
    •HOT Girls 1
    •HOT Girls 2
    •HOT Girls 3
    Mango Studio

    •Floating Image Free
    •System Monitor
    •Super StopWatch and Timer
    •System Info Manager
    E.T. Tean

    •Call End Vibrate

    •Quick Photo Grid
    •Delete Contacts
    •Quick Uninstaller
    •Contact Master
    •Brightness Settings
    •Volume Manager
    •Super Photo Enhance
    •Super Color Flashlight
    •Paint Master

    •Quick Cleaner
    •Super App Manager
    •Quick SMS Backup

    Source: - Android Market: thousands affected as 26 new malware apps discovered
  2. reghakr

    reghakr Excellent Member

    Jan 26, 2009
    Likes Received:
    26 applications containing a variation of the DroidDream Trojan have been found on the official Android Market and are believed to have been downloaded by at least 30,000 users.

    Lookout researchers believe that they were created and uploaded by the same developers who were behind the original DroidDream onslaught back in March.

    It seems that the stripped down Trojan code has been added to legitimate apps and the apps were consequently uploaded and made available via six developer accounts.

    According to F-Secure researchers, the grafted code is triggered only after the infected phone receives a text message:


    After that, it contacts remote servers and sends out information such as the phone model, its IMEI, IMSI, Software Development Kit's version, and more.

    "It appears that the DDLight is also capable of downloading and prompting installation of new packages, though unlike its predecessors it is not capable of doing so without user intervention," add the Lookout researchers.

    Even though Google has already pulled the trojanized apps from the Market, users are urged to always be careful when downloading apps - to avoid downloading them from untrusted sources, to look critically at the permission they request and to always be on the lookout for unusual behavior on their phone.

    For a list of the affected apps found so far, go here.

    Source: 26 trojanized apps pulled from Android Market
  3. reghakr

    reghakr Excellent Member

    Jan 26, 2009
    Likes Received:
    According to security researcher Tim Wyatt, 120,000 Android users downloaded malware infected applications from the official Android Market. The malware was contained in more than 25 applications that Google has since removed from its mobile app store. This is the second such reported outbreak of malware in the App store in the last few months.

    At present Google does not screen Android Marketplace applications for malware. The current approach appears to be to wait for security researchers to find apps infected with malware and to remove them in a post hoc manner. The problem with this is that up until now, the malware has been piggy backing on warez versions of existing applications. The only reason they come to anyone’s attention is that the authors of the warezed apps raise a stink about people profiting off their work. If a malware writer instead wrote their own app from the ground up, it seems likely that no one at Google would notice.

    As Android’s market share grows, attacks against mobile handsets through malware are likely to increase and a post hoc cleanout strategy is less likely to be successful. What really needs to happen is that Google needs to become proactive about analyzing the apps that it publishes in its marketplace before it publishes them and not take a post hoc approach where up to 120,000 users are infected by installing applications from a service they considered reliable and secure. This is especially important given that Google intends Android to become a mobile pay station through its Google Wallet service. The malware authors who’ve found it straightforward to publish to the Android Marketplace must be licking their lips in anticipation about getting their fingers into that pie.

    Source: Up to 120,000 users download infected apps from Android Market - Hyperbole, Embellishment, and Systems Administration Blog

Share This Page