Skip to main content

Android hit by rogue app viruses

Android hit by rogue app viruses

More than 50 applications available via the official Android Marketplace have been found to contain a virus.
Analysis suggests that the booby-trapped apps may have been downloaded up to 200,000 times.
The malicious apps were copies of existing applications, such as games, that had been repackaged to include the virus code.
All the apps found to contain the malicious code have now been removed from the Android Marketplace.
Remove and recall
The virus-laden apps were discovered by a Reddit user called Lompolo who realised that one program was listed under the name of a publisher he knew had not written it.
He found that the app, which let people play guitar on their handset, was the same as the original but for a name change and some virus code buried within it.
Lompolo said the rogue apps had been downloaded between 50,000 and 200,000 times since they were placed on the Marketplace.
Lompolo initially found 21 apps bearing the viral code but, according to an investigation by mobile security site Android Police, the final tally is believed to involve more than 50. The apps are also known to be available on unofficial Android stores too.
Once a booby-trapped application is installed and run, the virus lurking within, known as DroidDream, sends sensitive data, such as a phone's unique ID number, to a remote server.
It also checks to see if a phone has already been infected and, if not, uses known exploits to bypass security controls and give its creator access to the handset. This bestows the ability to install any code on a phone or steal any information from it.
The latest version of the Android operating system, known as Gingerbread, is not vulnerable to the exploits DroidDream uses.
Open access
As well as removing the applications from the Android Marketplace, Google has also suspended the three accounts being used by the developer behind the apps.
It also has the option to use a security tool that can recall and uninstall rogue applications from phones. It is not thought to have yet done this as its investigation continues. Google has yet to issue a formal statement about the rogue applications while it completes the investigation.
Writing on the Trend Micro security blog, Rik Ferguson, pointed out that remote removal of the booby-trapped apps may not solve all the security problems they pose.
"...this remote kill switch will not remove any other code that may have been dropped onto the device as a result of the initial infection," he wrote.
He advised anyone who believed they had installed one of the malicious apps to find out whether they need to get a new handset or re-install the operating system on the one they have.
The open nature of the Android platform was a boon and a danger, he warned.
"This greater openness of the developer environment has been argued to foster an atmosphere of creativity," he wrote, "but as Facebook have already discovered it is also a very attractive criminal playground."

 

Comments

Popular posts from this blog

The 101 Most Useful Websites

Olive Nexus VR-9: Your handy Wi-Fi router

As modern netizens, getting online is probably a vital part of your day. Olive's Nexus VR-9 is a portable Wi-Fi router that makes it possible to share a single connection with all your Wi-Fi enabled gadgets. All you need is a high-speed USB data card.

The idea is simple: plug in a data card into the router's USB port and it instantly creates a Wi-Fi hotspot wherever you are. At home or in office, multiple laptops can share the same data connection. You could provide wireless internet for Wi-Fi phones, iPods and tablets. On the move, your laptop and portable gadget continue to have internet access as long as your battery lasts.

It comes with a wall charger to keep plugged in at home/office. On the move, the battery is good enough to power it for a respectable 3 hours and 50 minutes (at least two devices were connected throughout this time in our testing). Aside from the portability, the biggest advantage is the savings it can offer.
Priced at 3,500, the Olive Nexus VR-9 could e…

Kingston Launches HyperX Plug and Play RAM for Intel PCs

Kingston has released its new HyperX plug and play (PnP) series which is a collection of memory kits that utilize modules which are capable of working at frequencies of either 1,600 MHz or 1,866 MHz. This memory module is designed specifically for use with desktops and laptops powered by the latest generation of Intel Core i5 or Core i7 central processing units.

There are six kits in total, all of them composed of two kits, meaning that modules of 2 GB and 4 GB are used. There are two Dual in-line Memory Module (DIMM) kits, while the other four come in the Small Outline In-line Memory Module (SODIMM) form factor.

The modules are programmed using Joint Electron Devices Engineering Council (JEDEC) compliant settings, allowing 1600MHz and 1866MHz frequency support. It is as simple as plugging in the memory and turning on the machine, as the system automatically recognizes faster memory speed with no further basic input/output system (BIOS) settings required.

Mark Tekunoff, …