Google Android Malware Gets Its Comeuppance; Malicious Apps Pulled

Printer-friendly version Email this CRN article

Google Android malware may have met its match.

As Google Android continues to become a hot attack point for mobile device security threats, there has been a dramatic increase in the amount of malware aimed at Android.

More than 50 malware hosting apps have been removed from Google Android and their developers have been shown the door.

Android's openness, compared to other popular mobile device platforms like Apple's iPhone and RIM's BlackBerry, have made it a prime target for hackers and malware writers looking to steal data and make a few bucks.

And this week a total of 52 malicious Android apps containing malware were removed from the official Google Android Market, its apps market place.

It started like this: An Android developer allegedly ripped off 21 popular apps that are free in the Android Market and injected a root exploit into the apps and uploaded to the Android Market where they were downloaded between 50,000 and 200,000 times. The malware-injected Android apps were discovered by a reddit reader by the name of lompolo, who submitted a post to reddit highlighting the discovery of the bad Google Android apps in the Android Market. Then, Android Police took a look at the offending apps and found that they not only root a smartphone but "it steals nearly everything it can: product ID, model, partner (provider?), language, country, and userID." The malicious apps also have the ability to download more code.

"In other words, there's no way to know what the app does after it's installed, and the possibilities are nearly endless," Android Police wrote.

According to Android Police, it notified Google about the problem, and the 21 apps were removed. Google also terminated the developer's account. The developer that allegedly injected the apps with the malware goes by Myournet.

Symantec also weighted in, pointing out that Myournet wasn't the only offender making malicious apps for the legitimate Google Android Market, a turnaround from making applications for unofficial Android marketplaces that can root the phone, harvest data or open a back door.

"Apparently some malicious authors where not satisfied just sticking with this routine. We have become aware of a selection of malicious applications following this trend; however, they are available on the official Android Market," Symantec wrote in a blog post on Wednesday highlighting the new Android threats. "The applications in question are popular free apps, bundled with malware, that have then been republished in the official marketplace under different application and publisher names...Google has taken action and has removed these apps from the official Android marketplace."


Next: Android Malware Writers Kick It 'Root' Down

Printer-friendly version Email this CRN article