Wednesday, March 02, 2011

Malware Infects Android Market, Several Apps Removed

Some rather unscrupulous developers dumped several nasty pieces of malware into the Android Marketplace over the weekend. A total of 50 apps were affected in one way or another, totaling about "50k-200k downloads combined in 4 days."

A full list of the 50 programs, which were either pirated or renamed versions of legitimate Android software, can be found at Android Police, which originally reported the issue. Following those reports, several more applications were found to have been intentionally infected with a piece of malware dubbed "DroidDream."

Those applications were from publishers named Kingmall2010, we20090202 and Myournet; all three users have since been removed. In total, more than 50 programs have been pulled from the Android Market.

An analysis of the DroidDream malware by Kaspersky Lab malware researcher Tim Armstrong showed that it's quite stealthy and efficient at its tasks.

"So what is the purpose of this Trojan? The application will attempt to gather product ID, device type, language, country, and userID among other things, and then upload them to a remote server. Unlike most of the other samples seen so far, there is no attempt at sending or receiving premium rate SMS messages," Armstrong wrote in his analysis of the Android malware.

"DroidDream is packaged inside of seemingly legitimate applications posted to the Android Market in order to trick users into downloading it, a pattern we've seen in other instances of Android malware such as Geinimi and HongTouTou," said Lookout CTO Kevin Mahaffey. "Unlike previous instances of malware in the wild that were only available in geographically targeted alternative app markets, DroidDream was available in the official Android Market, indicating a growing need for mainstream consumers to be aware of the apps they download and to actively protect their smart phones."

Google doesn't utilize the stringent application processes other companies use for inclusion into their app stores. Developers can essentially upload any app they want without so much as a twinge. This openness is part of what has made Google and Android a success. But that same openness leaves users open to attacks such as these. Perhaps the only actual protection users have lies in Google's ability to remotely remove applications that are found to be harmful, as it has done here, but this action tends to be reactive, not proactive.

Symantec security researcher Mario Ballano recently posted an analysis of "Android.Pjapps," a backdoor Trojan that Chinese hackers used to hijack the legit Steamy Windows app. The malware infiltrated a user's smart phone to send invisible text messages to premium-rate numbers, which would then reward the hackers with a commission.

These are only a few of a number of increasingly popular attacks on smartphones as use of the devices increases. More of these types of attacks are imminent, so users should make themselves more aware of the potential threats they face and not let themselves be blindly led.
