Phony Google Android Market Security Tool Spreads More Malware

Researchers spot Trojanized version of Google's security patch for Android Market

Dark Reading Staff, Dark Reading

March 11, 2011

2 Min Read
Dark Reading logo in a gray background | Dark Reading

A repackaged and Trojan-rigged version of Google's newly published Android Market Security Tool is in circulation in a Chinese app marketplace -- and the malicious app's code appears to be based on a project hosted on Google Code and licensed via the Apache license, according to researchers at Symantec who discovered it.

The rogue Android Market Security Tool appears to force the smartphone that downloads it to send SMS messages. Symantec researchers say they are still evaluating the malware.

Google this week remotely pushed the real Android Market Security Tool app to all of the Android devices that were infected by 50-plus free apps found on the Android Market to be carrying malware that "roots" the phone, steals data, and installs a back door. An initial estimate of anywhere between 20,000 to 500,000 infected users had downloaded the app and were infected by the malicious apps by the time Google was alerted to and yanked the phony apps. Now some security experts are reportedly counting 260,000 infected users.

"We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices," Google's Android Team posted on the Market support site.

The good news about the rogue knock-off is that it's not circulating on the Android Market, and it gives itself away when you look at the permissions it requires upon installation, notes Vanja Svajcer, principal virus researcher for SophosLabs. "While the original tool only requires three permissions, the Trojanized version requires additional permissions for 'Services that cost you money' as well as the device location," Svajcer Website said in a post on the app.

"Personally, I think that the ability to install non-market applications and ability to create third party application markets was a mistake for Google's Android team from the security point of view. This path is leading us to Windows-like threat levels," Svajcer said.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Read more about:

2011

About the Author

Dark Reading Staff

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

See more from Dark Reading Staff
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Black background and white text saying Dark Reading Confidential
Vulnerabilities & Threats
Dark Reading Confidential: Pen Test Arrests, Five Years LaterDark Reading Confidential: Pen Test Arrests, Five Years Later
byDark Reading Staff
Sep 10, 2024
42 Min Listen
Digital flowchart abstract blue background. Computer software algorithm conceptual illustration.
Application Security
CISA Urges Software Makers to Eliminate XSS FlawsCISA Urges Software Makers to Eliminate XSS
byEdge Editors
Sep 17, 2024
2 Min Read
A canary in a coal mine
Cybersecurity Analytics
Infostealers: An Early Warning for Ransomware AttacksInfostealers: An Early Warning for Ransomware Attacks
byNate Nelson, Contributing Writer
Sep 18, 2024
4 Min Read
Reports
More Reports
Webinars
More Webinars
White Papers
More Whitepapers
Events
More Events