Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

DroidDream Turns Into a Nightmare – Google Removes Several Malware Infected Apps from Official Android Market

Related Tech Track: Mitigation of Security Vulnerabilities on Android

Related Tech Track: Mitigation of Security Vulnerabilities on Android & Other Open Handset Platforms

A new form of mobile malware targeting, once again, Android smartphone users has surfaced today. Dubbed “DroidDream,” the malware has infected multiple applications and is capable of siphoning private data and uploading to remote servers. What’s interesting, and scary, is that the apps in question are coming from the “Official Android Market” which has typically been safer than other direct downloads and “alternative app markets.”

Google has removed several of the applications from the Android Market and is looking into others that may be infected.

A Reddit user had posted a note earlier today on his discovery saying, “Someone just ripped off 21 popular free apps from the market, injected root exploits into them and republished. 50k-200k downloads combined in 4 days.” He also provided some additional details on his findings:

Link to publishers apps here. I just randomly stumbled into one of the apps, recognized it and noticed that the publisher wasn’t who it was supposed to be.

Super Guitar Solo for example is originally Guitar Solo Lite. I downloaded two of the apps and extracted the APK’s, they both contain what seems to be the “rageagainstthecage” root exploit – binary contains string “CVE-2010-EASY Android local root exploit (C) 2010 by 743C”. Don’t know what the apps actually do, but can’t be good.

I appreciate being able to publish an update to an app and the update going live instantly, but this is a bit scary. Some sort of moderation, or at least quicker reaction to malware complaints would be nice.

“Currently there are more than 50 apps that have either been taken down or are being investigated,” according to Dave Marcus, director of security research and communications at McAfee Labs. “What makes this significant is these apps are in the official Android marketplace, not from a third party marketplace. Analysis has shown that these apps can break out of the typical sandbox that most apps reside in, to potentially gain control over the entire device and its data. In terms of attacks and malware, it doesn’t get any worse than root access, which this malware has.”

Advertisement. Scroll to continue reading.

The folks over at AndroidPolice have published some informative posts here and here.

Mobile Security Firm Lookout has provided a list of apps that may be affected.

Related Technical Reading Mitigation of Security Vulnerabilities on Android & Other Open Handset Platforms

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Cyberwarfare

An engineer recruited by intelligence services reportedly used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.