Phony Google Android Market Security Tool Spreads More Malware
Researchers spot Trojanized version of Google's security patch for Android Market
A repackaged and Trojan-rigged version of Google's newly published Android Market Security Tool is in circulation in a Chinese app marketplace -- and the malicious app's code appears to be based on a project hosted on Google Code and licensed via the Apache license, according to researchers at Symantec who discovered it.
The rogue Android Market Security Tool appears to force the smartphone that downloads it to send SMS messages. Symantec researchers say they are still evaluating the malware.
Google this week remotely pushed the real Android Market Security Tool app to all of the Android devices that were infected by 50-plus free apps found on the Android Market to be carrying malware that "roots" the phone, steals data, and installs a back door. An initial estimate of anywhere between 20,000 to 500,000 infected users had downloaded the app and were infected by the malicious apps by the time Google was alerted to and yanked the phony apps. Now some security experts are reportedly counting 260,000 infected users.
"We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices," Google's Android Team posted on the Market support site.
The good news about the rogue knock-off is that it's not circulating on the Android Market, and it gives itself away when you look at the permissions it requires upon installation, notes Vanja Svajcer, principal virus researcher for SophosLabs. "While the original tool only requires three permissions, the Trojanized version requires additional permissions for 'Services that cost you money' as well as the device location," Svajcer Website said in a post on the app.
"Personally, I think that the ability to install non-market applications and ability to create third party application markets was a mistake for Google's Android team from the security point of view. This path is leading us to Windows-like threat levels," Svajcer said.
Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.
Read more about:
2011About the Author
You May Also Like