Slashdot Mirror


30+ Infected Apps Pulled From Android Market

Trailrunner7 writes "Researchers have identified a second large batch of apps in the Android Market that have been infected with the DroidDream malware, estimating that upwards of 30,000 users have downloaded at least one of the more than 30 infected apps. Google has removed the apps from the market. There are at least 34 applications that researchers have found in the Android Market in the last few days that had a version of the DroidDream malware dropped into them. Once a user installs one of the infected applications, the malicious component, which researchers have dubbed DroidDream Light, will kick in once the user receives an incoming call. The malware then gathers some identifying information from the phone, including its IMEI number, IMSI number, packages installed and other data, and then sends it off to a pre-configured remote server."

14 of 91 comments

  1. Which ones? by blair1q · · Score: 5, Informative

    Again, no list in TFA.

    You have to dig through it to another article that links to a source article with a list:

    http://blog.mylookout.com/2011/03/security-alert-malware-found-in-official-android-market-droiddream/

    And that list is over two months old.

    Which means this story's hardly viral. More like fungal.

    1. Re:Which ones? by putch · · Score: 4, Informative

      It certainly wasn't prominent but there is a current list available here: http://blog.mylookout.com/2011/05/security-alert-droiddreamlight-new-malware-from-the-developers-of-droiddream/

      --
      just because I don't care doesn't mean I don't understand!
    2. Re:Which ones? by Kamiza+Ikioi · · Score: 4, Insightful

      Look at where that link leads... Lookout anti-virus software for Android. People's entire lives live on these phones. Why would people not protect it?

      I find it sad that so many "power" users scoffed at anti-virus/anti-malware for their phones. Waste of space and resources they said. I run Lookout, which does more than just anti-virus. It scans new files I download, then goes away quietly to the background, backs up files, etc. I also run a firewall and adblock software (rooted). I conduct private, work, and finances on my phone. People that do that need to get out of their dreamworld that their phone is hacker proof, regardless of who makes it or what OS it runs. Even if they are behind a walled garden or you never download from unknown publishers, they all run browsers and all browsers can be exploited.

      The more powerful phones get, the more they will be targeted. I'm surprised major zombie trojans haven't infected more phones yet. Millions of cheap CPUs for a botnet is a very tempting target, and as they can frequently jump on different wifi and cellular networks, with changing hosts and IPs, they would be hard to block for spam. They would also make for one heck of a DDoS weapon. And with storage ever increasing, they could be hijacked for file sharing.

      --
      I8-D
    3. Re:Which ones? by h4rr4r · · Score: 2

      Considering tethering software made it into the Apple store, I would be careful about such claims.

    4. Re:Which ones? by mlts · · Score: 3, Interesting

      Heck with antivirus/antimalware software. That way of thinking means we end up with the arms race that the blackhats will win every time, and our CPU, RAM, and disk I/O will be collateral damage, just like it is in the Windows ecosystem. If we had to have standard AV software, phone makers would have to double the RAM and add an additional core just to handle the continual I/O of a scanning utility.

      In reality, you want to go to a genetic HIPS (host-based intrusion protection system) type of architecture that will stop attacks because of the method used, as opposed to definite file signatures. File signatures mean you have this dandy database which means jack squat because the 0-days change a couple bytes each version. For example, if malware uses a series of phone numbers, one blacklists that list instead of each executable hash, as there are far fewer phone numbers than changes to executables possible. Why is a HIPS based system better than real time signatures? HIPS systems only fire off when an action is done, and not having to be actively running.

      Even better would be to borrow from the Blackberry model, and if an app is about to use a service that is going to charge, prompt the user who/what/when/where/why/how/how much they will be billed for, and allow them to say "yes, don't bother me again", "yes", "no", or "hell no, this app can never do this".

    5. Re:Which ones? by shadowfaxcrx · · Score: 2

      No. The phone was slightly slow before I installed it, and it's slightly slow now. But it's an original Droid, and I tend to run more crap on it than it's capable of running comfortably, so that's to be expected. Lookout caused no noticeable performance issues.

      --
      "I disagree with you" does not equal "flamebait."
  2. Re:Not news-worthy by vinayg18 · · Score: 2

    Umm, no, that would be the worst case scenario, wouldn't it? Every time there's a round of media coverage about Google zapping apps on the Android Market, I get the feeling that it's an attempt to condemn the security model of the Android OS, when the actual problem is the users' lack of discretion in installing junk!

  3. Re:Get off the couch, folks. by PhreakOfTime · · Score: 2

    Radio waves were not 'invented'

    Radio waves were discovered.

  4. Re:Get off the couch, folks. by mandark1967 · · Score: 2

    Good Afternoon mallyn,

    This is Comcast posting to notify you the appointment we scheduled 30yrs ago to handle your TV outage is scheduled for sometime between 8:00 am EST tomorrow and 2020.

    Will you be home at that time, or should we reschedule?

    You may contact us at 1-8COMCASTIC or email us at lulz@comcastcares.not

    --
    Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
  5. Infected? INFECTED?!?! (no: malicious by design) by VortexCortex · · Score: 4, Insightful

    The apps were not "Infected" by the droid dream malware -- This would mean that malware was wandering around, infiltrating developer machines and the Marketplace itself... No. Instead, said malware payload was purposefully introduced to innocuous looking apps -- similar to the gift of a poison apple, or a Statuesque Wooden Horse Gift.

    Hint: Legit app with "malware dropped into them." describes a malware infection about as well as Stigmata describes the actions of a depressed wrist slitter.

    Apparently, the sex-censors have illegalized the word: Trojans. Either that, or the submitter is a moron.

  6. Re:30,000 Users by mandark1967 · · Score: 2

    The issue deserves concern, but 30,000 Android users seems like a very small number to me.

    Try using a larger fontsize.

    --
    Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
  7. Re:Infected? INFECTED?!?! (no: malicious by design by thestudio_bob · · Score: 4, Funny

    The apps were not "Infected" by the droid dream malware -- This would mean that malware was wandering around, infiltrating developer machines and the Marketplace itself... No. Instead, said malware payload was purposefully introduced to innocuous looking apps...

    Sorry, but using logic to defend your favorite platform has no use here. Please move along.

    Sincerely
    An Apple Product User

    --
    The real Sig captains the Northwestern. This one captains /.
  8. Re:30,000 Users by shmlco · · Score: 2

    "Only download apps from trusted sources, such as reputable app markets."

    You mean like Google's Android App Market?

    --
    Any sect, cult, or religion will legislate its creed into law if it acquires the political power to do so.