Skip to main content

Android hit by rogue app viruses

Android hit by rogue app viruses

More than 50 applications available via the official Android Marketplace have been found to contain a virus.
Analysis suggests that the booby-trapped apps may have been downloaded up to 200,000 times.
The malicious apps were copies of existing applications, such as games, that had been repackaged to include the virus code.
All the apps found to contain the malicious code have now been removed from the Android Marketplace.
Remove and recall
The virus-laden apps were discovered by a Reddit user called Lompolo who realised that one program was listed under the name of a publisher he knew had not written it.
He found that the app, which let people play guitar on their handset, was the same as the original but for a name change and some virus code buried within it.
Lompolo said the rogue apps had been downloaded between 50,000 and 200,000 times since they were placed on the Marketplace.
Lompolo initially found 21 apps bearing the viral code but, according to an investigation by mobile security site Android Police, the final tally is believed to involve more than 50. The apps are also known to be available on unofficial Android stores too.
Once a booby-trapped application is installed and run, the virus lurking within, known as DroidDream, sends sensitive data, such as a phone's unique ID number, to a remote server.
It also checks to see if a phone has already been infected and, if not, uses known exploits to bypass security controls and give its creator access to the handset. This bestows the ability to install any code on a phone or steal any information from it.
The latest version of the Android operating system, known as Gingerbread, is not vulnerable to the exploits DroidDream uses.
Open access
As well as removing the applications from the Android Marketplace, Google has also suspended the three accounts being used by the developer behind the apps.
It also has the option to use a security tool that can recall and uninstall rogue applications from phones. It is not thought to have yet done this as its investigation continues. Google has yet to issue a formal statement about the rogue applications while it completes the investigation.
Writing on the Trend Micro security blog, Rik Ferguson, pointed out that remote removal of the booby-trapped apps may not solve all the security problems they pose.
"...this remote kill switch will not remove any other code that may have been dropped onto the device as a result of the initial infection," he wrote.
He advised anyone who believed they had installed one of the malicious apps to find out whether they need to get a new handset or re-install the operating system on the one they have.
The open nature of the Android platform was a boon and a danger, he warned.
"This greater openness of the developer environment has been argued to foster an atmosphere of creativity," he wrote, "but as Facebook have already discovered it is also a very attractive criminal playground."

 

Comments

Popular posts from this blog

The 101 Most Useful Websites

Kingston Launches HyperX Plug and Play RAM for Intel PCs

Kingston has released its new HyperX plug and play (PnP) series which is a collection of memory kits that utilize modules which are capable of working at frequencies of either 1,600 MHz or 1,866 MHz. This memory module is designed specifically for use with desktops and laptops powered by the latest generation of Intel Core i5 or Core i7 central processing units.

There are six kits in total, all of them composed of two kits, meaning that modules of 2 GB and 4 GB are used. There are two Dual in-line Memory Module (DIMM) kits, while the other four come in the Small Outline In-line Memory Module (SODIMM) form factor.

The modules are programmed using Joint Electron Devices Engineering Council (JEDEC) compliant settings, allowing 1600MHz and 1866MHz frequency support. It is as simple as plugging in the memory and turning on the machine, as the system automatically recognizes faster memory speed with no further basic input/output system (BIOS) settings required.

Mark Tekunoff, …

DriveLocker: Hide Any Hard Drive Partition on Your Computer

I have partitioned my hard drive into 2 parts: C and D. C, as is normally, is dedicated for installation files and such. My D drive is dedicated to songs and all types of personal files. Since I often have friends over who use my computer, I was looking for a way to hide my personal drive from them. I need a way to hide my D drive. And that way was excellently provided by DriveLocker. [You may also try: Restrict Users From Opening a Hard Disk Partition] DriveLocker is a wonderful program for Windows computers that hides any hard drive partition of your choice. Through the images and description below, you will see how it works. First of all, you will need to download the program’s ZIP archive that is only 23KB large. Then you will need to extract the executable within this archive. Opening this EXE file will run the program, no installation will be required. This is what the program looked like on my computer: Initially both drives will be unchecked. This means that I can view both my dri…