Multiple applications available in the official Google Android Market have been found to contain malware that can compromise a significant amount of personal data. Likely created by the same developers who brought DroidDream to market back in March, more than 25 applications were found to be infected with a stripped-down version of DroidDream that security researchers are calling “Droid Dream Light” (DDLight). At this point, between 30,000 and 120,000 users are believed to have been affected by DroidDreamLight.
Mobile security firm Lookout Security Team has identified malware that is grafted into legitimate Android apps, with the modified versions of those developers' apps then distributed in the Android Market. “Our security team confirmed that there was malicious code grafted into these apps and identified markers associating this code with previously analyzed DroidDream samples. We discovered 24 additional apps re-packaged and re-distributed with the malicious payload across a total of 4 different developer accounts,” said Tim Wyatt, a security researcher at Lookout Security.
Google has removed all of the apps known to be infected from the Android Market while they investigate.
The list of infected applications includes:
Magic Photo Studio
- Sexy Girls: Hot Japanese
- Sexy Legs
- HOT Girls 4
- Beauty Breasts
- Sex Sound
- Sex Sound: Japanese
- HOT Girls 1
- HOT Girls 2
- HOT Girls 3
Mango Studio
- Floating Image Free
- System Monitor
- Super StopWatch and Timer
- System Info Manager
E.T. Tean
- Call End Vibrate
BeeGoo
- Quick Photo Grid
- Delete Contacts
- Quick Uninstaller
- Contact Master
- Brightness Settings
- Volume Manager
- Super Photo Enhance
- Super Color Flashlight
- Paint Master
Explaining how the malware works, Wyatt said, “Malicious components of DroidDream Light are invoked on receipt of an android.intent.action.PHONE_STATE intent (e.g. an incoming voice call). DroidDream Light is not, therefore, dependent on manual launch of the installed application to trigger its behavior. The broadcast receiver immediately launches the <package>.lightdd.CoreService which contacts remote servers and supplies the IMEI, IMSI, Model, SDK Version and information about installed packages. It appears that the DDLight is also capable of downloading and prompting installation of new packages, though unlike its predecessors it is not capable of doing so without user intervention.”
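The two markers Wyatt describes can be checked for in an app's manifest. The following is an added example, not code from Lookout or from the original article: it assumes the APK's AndroidManifest.xml has already been decoded to text XML (for example with apktool), and the sample manifest, package name and receiver class name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
TRIGGER = "android.intent.action.PHONE_STATE"  # intent named in the quote above
SERVICE_SUFFIX = ".lightdd.CoreService"        # service name pattern from the quote

# Constructed sample manifest (decoded text form); all names here are made up.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".MainActivity"/>
    <receiver android:name=".lightdd.Receiver">
      <intent-filter>
        <action android:name="android.intent.action.PHONE_STATE"/>
      </intent-filter>
    </receiver>
    <service android:name=".lightdd.CoreService"/>
  </application>
</manifest>"""


def full_name(package, name):
    """Expand manifest shorthand: '.Foo' and 'Foo' are relative to the package."""
    if name.startswith("."):
        return package + name
    return name if "." in name else package + "." + name


def audit_manifest(xml_text):
    """Return (finding, class name) pairs for the two DDLight markers."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    findings = []
    # Marker 1: a broadcast receiver woken by phone-state changes (no app launch needed).
    for receiver in root.iter("receiver"):
        actions = {a.get(ANDROID_NS + "name") for a in receiver.iter("action")}
        if TRIGGER in actions:
            cls = full_name(package, receiver.get(ANDROID_NS + "name", ""))
            findings.append(("phone-state-receiver", cls))
    # Marker 2: a declared service matching <package>.lightdd.CoreService.
    for service in root.iter("service"):
        cls = full_name(package, service.get(ANDROID_NS + "name", ""))
        if cls.endswith(SERVICE_SUFFIX):
            findings.append(("lightdd-service", cls))
    return findings


if __name__ == "__main__":
    for kind, cls in audit_manifest(SAMPLE_MANIFEST):
        print(kind, cls)
```

A phone-state receiver on its own is common in legitimate telephony apps, so treat that finding as a reason to look closer; the service name is the marker specific to this family.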
About two weeks ago, 11 Android apps were found to be infected with malware that covertly sent SMS messages from the user's phone to premium numbers in China. Android's increasing popularity in the mobile space is making it the favorite target for malware writers these days. The safe surfing habits we follow on the desktop therefore need to be extended to mobile devices as well.
Lookout Security has suggested the following measures to prevent infection from such malware:
- Only download apps from trusted sources, such as reputable app markets. Remember to look at the developer name, reviews, and star ratings.
- Always check the permissions an app requests. Use common sense to ensure that the permissions an app requests match the features the app provides.
- Be alert for unusual behavior on your phone. This behavior could be a sign that your phone is infected. These behaviors may include unusual SMS or network activity.
- Download a mobile security app for your phone that scans every app you download to ensure it’s safe.