More than 50 Android apps found infected with rootkit malware

 

http://www.guardian.co.uk/technology/blog/2011/mar/02/androi...

More than 50 applications on Google's Android Market have been discovered to be infected with malware called "DroidDream" which can compromise personal data by taking over the user's device, and have been "suspended" from the store.

Google removed the apps from the Market immediately on being alerted, but it is not clear whether it has removed them from devices to which they have been downloaded. As many as 200,000 Android devices could have been infected.

The revelation comes from Android Police, a news site on Google's operating system, which calls it "the mother of all Android malware", noting that its examination had found that it "steals nearly everything it can: product ID, model, partner (provider?), language, country, and userID. But that's all child's play; the true pièce de résistance is that it has the ability to download more code. In other words, there's no way to know what the app does after it's installed, and the possibilities are nearly endless."

Lookout, a security company, which in a blogpost lists the 50-plus apps discovered to be infected. (The list is also below, via Lookout.)

Smartphones running Google's Android software have become enormously popular and are reckoned to be close to taking over worldwide as the fastest-selling smartphone platform, ahead of Finland's Nokia. Its growth has been fuelled by the fact that the software is free to license, and for developers there is no charge or checks to putting apps on the Market – unlike Apple's iPhone App Store, which checks every app against a suite of tests for suitability before allowing it on its store.

That has led the Market to grow rapidly, but also makes situations like the latest one – which is not the first case of malware found on the Market – harder to avoid.

The malware was first discovered by a Reddit user, Lompolo, who spotted that the developer of one of the malware apps had also posted pirated versions of legit apps, using the developer name "Myournet". But two other developers' products have also been found to include DroidReam.

Lompolo noted that "Myournet" had "taken 21 popular free apps from the Market, injected root exploit into them and republished". More worryingly, those had seen between 50,000 and 200,000 downloads altogether in just four days.

DroidDream contains code which can "root" – take complete control of – a user's decice, and send detailed information such as the phone's IMEI (International Mobile Equipment Identity) and IMSI (International Mobile Subscriber Identity) numbers and send them to remote servers. But as Android Police's team found, the code can go much further in rooting through a phone.

Update: details of how the root code works are here. Note that this is a "privilege escalation" attack - once the app starts it uses the fact that it has user privileges to jump out of its sandbox and root the phone.

It's a rather brutal reminder of the fact that Android's openness is both a strength and, at times like this, a weakness – though Google's rapid action, in which it pulled the apps from the Android Market within just five minutes of being alerted, is encouraging.

It now looks likely that security companies will begin to compete to offer antivirus and anti-malware products for Android devices – which, given its rapid growth, could prove a fertile area for them with PC sales flat.

If you have downloaded any of the apps below, you should contact your phone company.

Full list of infected applications published by "Myournet": • Falling Down • Super Guitar Solo • Super History Eraser • Photo Editor • Super Ringtone Maker • Super Sex Positions • Hot Sexy Videos • Chess • 下坠滚球_Falldown • Hilton Sex Sound • Screaming Sexy Japanese Girls • Falling Ball Dodge • Scientific Calculator • Dice Roller • 躲避弹球 • Advanced Currency Converter • App Uninstaller • 几何战机_PewPew • Funny Paint • Spider Man • 蜘蛛侠

Full list of infected applications published by "Kingmall2010″: • Bowling Time • Advanced Barcode Scanner • Supre Bluetooth Transfer • Task Killer Pro • Music Box • Sexy Girls: Japanese • Sexy Legs • Advanced File Manager • Magic Strobe Light • 致命绝色美腿 • 墨水坦克Panzer Panic • 裸奔先生Mr. Runner • 软件强力卸载 • Advanced App to SD • Super Stopwatch & Timer • Advanced Compass Leveler • Best password safe • 掷骰子 • 多彩绘画

Full list of infected apps under the developer name "we20090202″: • Finger Race • Piano • Bubble Shoot • Advanced Sound Manager • Magic Hypnotic Spiral • Funny Face • Color Blindness Test • Tie a Tie • Quick Notes • Basketball Shot Now • Quick Delete Contacts • Omok Five in a Row • Super Sexy Ringtones • 大家来找茬 • 桌上曲棍球 • 投篮高手

--
nüvi 3790T | Those who make peaceful revolution impossible, will make violent revolution inevitable ~ JFK

That's scary

That's scary. You always have to be cautious what you install. Having a system of apps with android that are so easy to put up for people to download with little to no oversight.

--
Garmin Drive Smart 55 - Samsung Note 10 Smartphone with Google Maps & HERE Apps

Too Bad...

Like you said, Android's greatest strength (it's open architecture) has been turned into a threat. Hopefully, it won't be long before there is good security software. Unfortunately, that adds to the overhead usage, but I guess it is a price we have to pay.

--
Shooter N32 39 W97 25 VIA 1535TM, Lexus built-in, TomTom Go

There is one.

There is one.

Search for Lookout Mobile Security on the Market. I installed this and while it didn't find anything, I know it's ready in case something like this comes along.

http://www.youtube.com/watch?v=Jh7anr-Df9E
https://www.mylookout.com/

--
"Anyone who is capable of getting themselves made President should on no account be allowed to do the job." --Douglas Adams

The easiest targets

The easiest targets are for those that crack, and rootkit a paid app, and then unleash it as 'free' on a different site. What better way to get willing victims?

--
nüvi 3790T | Those who make peaceful revolution impossible, will make violent revolution inevitable ~ JFK

Hmm

I guess smartphones are not so smart after all, has anyone ever heard of a Nuvi infected with malware?

--
Garmin 38 - Magellan Gold - Garmin Yellow eTrex - Nuvi 260 - Nuvi 2460LMT - Google Nexus 7 - Toyota Entune NAV

.

flaco wrote:

I guess smartphones are not so smart after all, has anyone ever heard of a Nuvi infected with malware?

That statement is so ridiculous I don't even know how to respond....

hehehe

GadgetGuy2008 wrote:
flaco wrote:

I guess smartphones are not so smart after all, has anyone ever heard of a Nuvi infected with malware?

That statement is so stupid I don't even know how to respond....

Sorry... my bad, I forgot you own one of those...

--
Garmin 38 - Magellan Gold - Garmin Yellow eTrex - Nuvi 260 - Nuvi 2460LMT - Google Nexus 7 - Toyota Entune NAV

Ughhhh

Smartphones are misnamed, because in reality they are not smart. They simply do a lot more than make phone calls. How smart a smartphone is depends on its user. You have the really bright ones that can not only root the phone and use a terminal window on the phone to replace files, but also can replace the firmware with an alternative that strips out all the carrier-specific junk apps. Then you have the ones that like the built-in features but have no desire to do more with the phone. Then there are those who are too set in their ways to adapt to advances in phone design and would prefer nothing more than a phone that can make calls.

Inflammatory comments about the choices people make regarding their phones have no place here. However, regardless of people's personal feelings regarding the utility or futility of smartphones and GPS, they do have a place on this site. So please, check the attitude at the door.

*The following brought to you by the guy who prefers dedicated GPS receivers, yet at the same time sees the value and benefit in having a smartphone to use as a GPS.*

--
"Anyone who is capable of getting themselves made President should on no account be allowed to do the job." --Douglas Adams

Also a lookout user

That is scary to read, especially thinking that your phone is safe. I also use lookout security and so far it works like a charm.

Thanks

Juggernaut:

Thanks for the information. I haven't installed any of the programs you listed but I am still concerned.

Btw... I've never understood what the icons (I think they're icons) like 致命绝色美腿 mean. Could someone please explain them to me?

Mobile Security

Strephon_Alkhalikoi wrote:

There is one.

Search for Lookout Mobile Security on the Market. I installed this and while it didn't find anything, I know it's ready in case something like this comes along.

http://www.youtube.com/watch?v=Jh7anr-Df9E
https://www.mylookout.com/

Lookout Mobile Security seems good. Are you using the free or the paid version?

To the rest of the POI Factory members; what other mobile security products are you using?

.

WEBROOT BETA , MUCH BETTER THAN LOOKOUT!!!!

--
Everyday is a GREAT day :)

This is scary indeed. I bet

This is scary indeed.

I bet it won't be long before we see companies like Norton and McAfee on smart phones.

Rath *doesn't have a smart phone...yet*

--
Garmin 1390T X1 & 50LM

How smart can a phone really be ?

Mine just, like, y'know... gets me people talking in my ear. And grab the odd picture, and is ready to send it to someone as well.

Never could understand any needs to go beyond that - I have a netbook fro the rest of the stuff, and it runs Linux. I'll be careful from now on, though, cuz Android infection ain't a good news... Who wuldathunk they'd be attacking anything besides Windows machines ?

--
Ain't nuthin' never just right to do the things you wanna do when you wanna do them, so you best just go ahead and do them anyway ! (Rancid Crabtree, from Pat F McManus fame)

protective apps

I have Lookout Mobile on my phone and so far I have had no problems.

The trail

Follow the money trail.
1. Malware released for Smartphones creates a need to guard against malware.
2. Develop and sell software to protect Smartphones.
3. Continue development of Smartphone malware.
4. Sell subscriptions to updates for protection software.

The same evolution happened and continues with computer virus apps. Ever stop to think about who gains from all of this? It sure isn't the user.

really?

jackj180 wrote:

Follow the money trail.
1. Malware released for Smartphones creates a need to guard against malware.
2. Develop and sell software to protect Smartphones.
3. Continue development of Smartphone malware.
4. Sell subscriptions to updates for protection software.

The same evolution happened and continues with computer virus apps. Ever stop to think about who gains from all of this? It sure isn't the user.

got your tinfoil cap out this morning then?

2 for 1

Bogarts_Falcon wrote:

Lookout Mobile Security seems good. Are you using the free or the paid version?

To the rest of the POI Factory members; what other mobile security products are you using?

I'm going to answer two questions at once here, so...

In answer to your question to Juggernaut, that's one of the three Japanese scripts, likely Kanji since the other two scripts (Romanji and Hiragana) are used for transliteration of foreign words and concepts. Japanese app creators often use a Kanji glyph as an icon.

In answer to your second question, I use the free version of Lookout. Works perfectly well for me.

--
"Anyone who is capable of getting themselves made President should on no account be allowed to do the job." --Douglas Adams

NetQin

cool

Netqin offers all the features of the paid version of lookout plus more for free.
Way better.

--
"Destination Eternity" Garmin 765T, & Samsung Galaxy Note Edge

.

Strephon_Alkhalikoi wrote:

I'm going to answer two questions at once here, so...

In answer to your question to Juggernaut, that's one of the three Japanese scripts, likely Kanji since the other two scripts (Romanji and Hiragana) are used for transliteration of foreign words and concepts. Japanese app creators often use a Kanji glyph as an icon.

You mean these characters - 致命绝色美腿? I may not understand them but I swear they don't look like Japanese characters. It's Chinese. It means "Fatal stunning legs", Google says so, not me grin

How smart can a phone really be ?

It can only be as smart as the person using it.

Can't deny it. The wookie is

Can't deny it. The wookie is right in that it's Chinese. grin

I looked at the various malware protection apps out there, and Lookout has the right balance of features for my needs. Plus I've heard of Lookout, but never heard of Netqin. In any event, the one takeaway to be gleaned from this thread is to be smart in downloading apps, and to have a safety net, whether Lookout, Netqin or any of the other malware protection apps on the Market, because you never know when your tin-foil beanie will fail you. wink

--
"Anyone who is capable of getting themselves made President should on no account be allowed to do the job." --Douglas Adams

Tin Foil Beanies Anyone?

graywolf323 wrote:
jackj180 wrote:

Follow the money trail.
1. Malware released for Smartphones creates a need to guard against malware.
2. Develop and sell software to protect Smartphones.
3. Continue development of Smartphone malware.
4. Sell subscriptions to updates for protection software.

The same evolution happened and continues with computer virus apps. Ever stop to think about who gains from all of this? It sure isn't the user.

got your tinfoil cap out this morning then?

What kind of negative reputation would an anti-virus company earn when (not if) it's discovered that they hired script kiddies to write virii for them to detect? The company that did this would be out of business overnight! Jack's comment also ignores one simple fact: while both AVG and Avast do have an upgrade path to their pro products that you pay for, their free products work just fine when it comes to receiving virus definition updates and, at least in Avast's case, are updated multiple times per day.

--
"Anyone who is capable of getting themselves made President should on no account be allowed to do the job." --Douglas Adams

McAfee is already there

Rath wrote:

I bet it won't be long before we see companies like Norton and McAfee on smart phones.

McAfee already bought WaveSecure (https://www.wavesecure.com/).

Kaspersky:

Oh hell no!

Norton will never make it within firing distance of my presence. Can't say the same for McAfee. It came with the computer, before I did a clean install of the hard drive to obliterate its presence.

To put it nicely, I do not recommend either company's product.

--
"Anyone who is capable of getting themselves made President should on no account be allowed to do the job." --Douglas Adams

Follow it.

Strephon_Alkhalikoi wrote:
graywolf323 wrote:
jackj180 wrote:

Follow the money trail.
1. Malware released for Smartphones creates a need to guard against malware.
2. Develop and sell software to protect Smartphones.
3. Continue development of Smartphone malware.
4. Sell subscriptions to updates for protection software.

The same evolution happened and continues with computer virus apps. Ever stop to think about who gains from all of this? It sure isn't the user.

got your tinfoil cap out this morning then?

What kind of negative reputation would an anti-virus company earn when (not if) it's discovered that they hired script kiddies to write virii for them to detect? The company that did this would be out of business overnight! Jack's comment also ignores one simple fact: while both AVG and Avast do have an upgrade path to their pro products that you pay for, their free products work just fine when it comes to receiving virus definition updates and, at least in Avast's case, are updated multiple times per day.

I didn't say that they (anti-virus) companies had script kiddies on their payroll. A scrip kiddie by definition uses programs written by others, called scripts, to infest computers. The script kiddie doesn't really write the malware, he inputs to the script the characteristics of the malware and the script writes it. Someone has to write those scripts. Are you saying that it would be impossible for an employee of an anti-virus company to write them and get them distributed without anyone finding out?

As I said, "Follow the money trail" and find out who benefits from the activity. Is it the computer user? No. Is it the script kiddie? No. Is it the guy who wrote the script? Maybe, depends on who he is. Is it the anti-virus company? YES!

Another fact to consider, how many new pieces of malware are generated every month? How many people have you heard of who were prosecuted for writing them?

As for my "tinfoil cap", it is firmly in place and doing its job.

Open Source has it's Pitfalls

I will take Steve Jobs overly anal approch to an App store anyday.

don't download junk you be

don't download junk you be fine

Malware and the "Chinese Connection"

Bogarts_Falcon wrote:

Juggernaut:

Thanks for the information. I haven't installed any of the programs you listed but I am still concerned.

Btw... I've never understood what the icons (I think they're icons) like 致命绝色美腿 mean. Could someone please explain them to me?

It never hurts to be careful (another rec from me for Lookout Mobile Security, by the way)...

As for those "Icons"--that's actually Chinese hanzi (or ideographs)--it won't show up as Chinese writing unless you have the relevant font packages installed in Windows or MacOS.

(And yeah, pretty much all of the malware in this case is coming from three Chinese groups that pirated legit (pay) software on the Market, put in malware, and released it for free. Hence why so many of them have Chinese names.)

I surely hope Apple is

I surely hope Apple is taking note and making sure no malware goes through in their approved apps. I myself have personal info on my iphone to keep as reference.

Paranoia. The Computer Is Watching.

jackj180 wrote:

I didn't say that they (anti-virus) companies had script kiddies on their payroll. A scrip kiddie by definition uses programs written by others, called scripts, to infest computers. The script kiddie doesn't really write the malware, he inputs to the script the characteristics of the malware and the script writes it. Someone has to write those scripts. Are you saying that it would be impossible for an employee of an anti-virus company to write them and get them distributed without anyone finding out?

As I said, "Follow the money trail" and find out who benefits from the activity. Is it the computer user? No. Is it the script kiddie? No. Is it the guy who wrote the script? Maybe, depends on who he is. Is it the anti-virus company? YES!

Another fact to consider, how many new pieces of malware are generated every month? How many people have you heard of who were prosecuted for writing them?

As for my "tinfoil cap", it is firmly in place and doing its job.

Look, even someone as thick as a brick can understand exactly what you were getting at, so don't try playing the "I didn't say that" routine because no one is buying it. Your first post heavily implies that the companies that produce spyware and antivirus scanners are the ones that are writing the spyware and virii in the first place. Your most recent post confirms this.

Now, could a rogue employee write something to bypass the company's software? Of course they could, and they likely do to test the ability of the software to catch the virus. They could take a copy of the virus and spread it out in the wild too. But the tin-foil cap comments are coming because of your belief that the companies are allowing this to deliberately happen simply to enhance their own profit margins.

That belief flies in the face of simple reality. But then again, you sound like someone that would fit right in with the crowd on techrepublic who discussed this very issue back in 2005.

http://www.techrepublic.com/article/why-there-is-no-global-a...

--
"Anyone who is capable of getting themselves made President should on no account be allowed to do the job." --Douglas Adams

Nuvi V1 firmware aka malware?

flaco wrote:

I guess smartphones are not so smart after all, has anyone ever heard of a Nuvi infected with malware?

From what I read here, Nuvi version one firmware is often so buggy it could be termed 'malware'...

Ideographs

kusuriurikun wrote:
Bogarts_Falcon wrote:

Juggernaut:

Btw... I've never understood what the icons (I think they're icons) like 致命绝色美腿 mean. Could someone please explain them to me?

As for those "Icons"--that's actually Chinese hanzi (or ideographs)--it won't show up as Chinese writing unless you have the relevant font packages installed in Windows or MacOS.

Thanks for the explanation but I'm still somwhat confused. How are we supposed to know what the following means, (this was copied from appbrain.com but I've also see it on market.android.com).

웃다가 똥싸도 책임지지 않습니다!!!!!!!!!!!!!!!!!!

*소개*
판의 "5대독자"가 어플로 돌아왔다!
소설보다 강한 스토리! 최고의 귀염둥이 찐따베리!
대한민국에서 '5대독자'의 신화는 계속된다!

※ 작품소개

제 목: 5대독자
원 작: 찐따베리
장 르: 실제 스토리
이용등급: 웃다 똥싸신분 관람불가
발 행정보: 시즌 3 업데이트중

※작품 줄거리:

판에서 화제가 되었던 "5대독자"의 디테일이 가장 이상적으로 발휘된 최고의 명작!
찐따베리 독자달구의 좌충우돌 폭풍 웃음 4명의 누나들과 살아가는
웃다가 똥쌀 이야기!!

Read and Learn

Strephon_Alkhalikoi, your statements reveal that you didn't read what I wrote. Either that or you are deliberately twisting what I said. Go back and re-read my statements! After you do that, learn a little bit about malware and where it comes from.

I know, I know, you're now going to tell me about the 150 years of experience you have dealing with computer malware. How you are an expert in all things computer and I barely know enough to tie my own shoes. Consider it done.

I am not accusing anti-virus companies of writing, releasing or even promoting those who author malware. What I am doing is asking you to follow the money trail and decide exactly who benefits from malware. It sure isn't me!

let me see if i follow your logic here

jackj180 wrote:

Follow the money trail.
1. Malware released for Smartphones creates a need to guard against malware.
2. Develop and sell software to protect Smartphones.
3. Continue development of Smartphone malware.
4. Sell subscriptions to updates for protection software.

The same evolution happened and continues with computer virus apps. Ever stop to think about who gains from all of this? It sure isn't the user.

Following this train of logic, all crime is caused by those that try to prevent it.

1. A crime is committed
2. Police are hired to protect victims
3. Police continue to encourage criminal activity.
4. More police are hired and wages go up because crime increases.

Is that the same logic?

We sure know it isn't the victim that profits from crime.

--
Illiterate? Write for free help.

You are right!

Box Car wrote:
jackj180 wrote:

Follow the money trail.
1. Malware released for Smartphones creates a need to guard against malware.
2. Develop and sell software to protect Smartphones.
3. Continue development of Smartphone malware.
4. Sell subscriptions to updates for protection software.

The same evolution happened and continues with computer virus apps. Ever stop to think about who gains from all of this? It sure isn't the user.

Following this train of logic, all crime is caused by those that try to prevent it.

1. A crime is committed
2. Police are hired to protect victims
3. Police continue to encourage criminal activity.
4. More police are hired and wages go up because crime increases.

Is that the same logic?

We sure know it isn't the victim that profits from crime.

And stupidity is caused by computers connected to the Internet. Just look at all the stupid stuff on this thread!

Look In The Mirror

jackj180 wrote:

Strephon_Alkhalikoi, your statements reveal that you didn't read what I wrote. Either that or you are deliberately twisting what I said. Go back and re-read my statements! After you do that, learn a little bit about malware and where it comes from.

I twist nothing and read everything. Your own words condemn you. Therefore, if you wish to declare that "stuff" on this thread is stupid, perhaps you should take a look at your own comments first.

--
"Anyone who is capable of getting themselves made President should on no account be allowed to do the job." --Douglas Adams

not really

mourton wrote:

I will take Steve Jobs overly anal approch to an App store anyday.

The iOS apps are just as susceptible to malware. Apple does not have time to analyze every line of code. In the past developers were able to get malware apps approved, which would then take advantage of iPhone weaknesses to "jailbreak" the iPhone. It was quite embarrassing to see Apple approved the app in the first place, and then pull it later.

--
http://www.poi-factory.com/node/21626 - red light cameras do not work

My Opinion

jackj180 wrote:

Follow the money trail.
1. Malware released for Smartphones creates a need to guard against malware.
2. Develop and sell software to protect Smartphones.
3. Continue development of Smartphone malware.
4. Sell subscriptions to updates for protection software.

The same evolution happened and continues with computer virus apps. Ever stop to think about who gains from all of this? It sure isn't the user.

For what it's worth I read your post several times and it did seem to me that you were implying that developers of the malware protection software were behind malware.

Maybe you didn't mean to imply it but it seemed like that to me.

Just my 2 cents.

Which A/V Software?

So malware has made it to the Smartphones. Any suggestions on a good antivirus package for Android?

Lookout Mobile Security has

Lookout Mobile Security has already been mentioned. Netqin is another. AVG has a mobile app. It's best to look on the Android Market or Windows Marketplace (for WinPhone 7) to see what's available.

--
"Anyone who is capable of getting themselves made President should on no account be allowed to do the job." --Douglas Adams

Questions

nuvic320 wrote:

The iOS apps are just as susceptible to malware. Apple does not have time to analyze every line of code. In the past developers were able to get malware apps approved, which would then take advantage of iPhone weaknesses to "jailbreak" the iPhone. It was quite embarrassing to see Apple approved the app in the first place, and then pull it later.

What app are you referring to?

--
If you don't know where you are going, you might wind up someplace else. - Yogi Berra

Motorola, Bad Android Apps Drive 70% of Smartphone Returns

--
Nuvi 2460LMT