Google Removes Malware-Infected Apps From Android Market

Google has removed more than two dozen apps from the Android Market due to malware, according to mobile security firm Lookout.

"This weekend, multiple applications available in the official Android Market were found to contain malware that can compromise a significant amount of personal data," Lookout said in a blog post. "Likely created by the same developers who brought DroidDream to market back in March, 26 applications were found to be infected with a stripped down version of DroidDream we're calling 'Droid Dream Light' (DDLight)."

Lookout identified this most recent malware thanks to a tip from a developer who noticed that modified versions of his and other apps were being distributed in the Android Market.

"Our security team confirmed that there was malicious code grafted into these apps and identified markers associating this code with previously analyzed DroidDream samples," Lookout said. "We discovered 24 additional apps repackaged and redistributed with the malicious payload across a total of 5 different developer accounts."

Lookout said "Droid Dream Light" could affect between 30,000 and 120,000 users. Affected applications include those from Magic Photo Studio, Mango Studio, E.T. Tean, BeeGoo, DroidPlus, and GluMobi.  

Lookout warned users to only download apps from trusted sources and to pay attention to the permissions requested by those apps; make sure they "match the features the app provides," Lookout said. Also watch for unusual behavior from your phone, like SMS or network activity you did not initiate, which could be a sign your phone is infected. The company also suggested you download a mobile security app, one of which is available from Lookout, naturally.

Known as BaseBridge, this auto-dialer malware can be installed on legitimate applications. When a user is installing the app, BaseBridge will prompt the user to upgrade. If the user accepts, another prompt asks the user to restart the app, which formally installs the malware, NetQuin said.

"Upon activation, the malware could dial calls or send out SMS messages accordingly, incurring fees for the users," NetQuin said. "Meanwhile, the malware also blocks messages from the mobile carrier to prevent users from getting fee consumption updates in time so that all malicious activities are undertaken stealthily without the user's knowledge or consent. The malware may also insert messages to the inbox of a mobile device at a designated time."

NetQuin said this is the first time auto-dialing malware with fee deduction has been spotted on Android devices, though something similar was once spotted on a Symbian phone. This "is a sign that mobile threats on Android are becoming more diversified," NetQuin said, though "the malware is not distributed through legitimate application stores so far, such as Android Market."

Security firm F-Secure found that most apps affected by BaseBridge "seem to have been pulled out of circulation already. A lot of heavy forum trawling was required, which is a good thing for most users—it's not easy to get this trojan."