Page 2 of 2
According to Symantec, the Android Packages (.apk) include the file "rageagainstthecage," which is a tool commonly used to root the phone. In legitimate circumstances, this file can be used by the owner of the phone to acquire administrative rights on his or her phone. In the case of the attack, however, rooting the phone can allow the malware called Android.Rootcager to perform more than the usual activities, like taking screen shots not commonly allowed on Android phones.
Android.Rootcager in roots the phone without user consent to perform various activities, Symantec continued. DownloadProvidersManager.apk is dropped by the malware to monitor installed applications and download additional packages of code as a background service. The malware also attempts to record IMEI and IMSI numbers, which can be used to identify mobile phones, and upload the data to an external Web site.
Along with Myournet, Android Market applications developed by kingmall2010 and we20090202 may also contain malware. Overall, Symantec identified 52 apps from those three developers that may be affected.
"If users feel that they may have installed one of these apps, they should also check com.android.providers.downloadsmanager (DownloadManageService) in the 'running services' settings of the phone, Symantec said.
The discovery and removal of the malicious apps designed to resemble legitimate applications is just the latest in a series of Google Android threats targeting the increasingly popular mobile device platform.
Earlier this week, Symantec discovered a Google Android Trojan that poses as a legitimate application to unleash a botnet onto an Android device to steal data and manipulate device function. The new Android.Pjapps Trojan is spreading throughout Google Android via altered versions of legitimate applications hosted on unregulated third-party Android marketplaces, Symantec said.
The Android.Pjapps Trojan followed on the heels of two other recent Android-targeted Trojans, Android.Adrd and Android.Geinimi.
Security pros have flagged Google Android as the next great mobile malware battle ground.
In a recent interview with CRN, Adam Wosotowsky, principal engineer at McAfee Labs, told CRN that Google's Android mobile platform has become a prime target, more so than its mobile OS counterparts from Apple and RIM BlackBerry. Android has bubbled to the top because it has looser restrictions on developing and building applications for the platform.
"In the case of Android, it's a lot easier to write an application to it," Wosotowsky said.
At the 2011 Kaspersky Americas Partner Conference last month, Kurt Baumgartner, senior security researcher for Kaspersky Labs said that as the mobile arena grows, exploits and spyware are being aimed at the Android platform.
"Really clever people are trying to force spyware onto the Droid," he said.