Malicious Games Pulled From Android Market
A malicious developer who goes by the name of Logastrod exploited what Sophos called the "ease of cloning Android apps" to create free fakes of games, such as Angry Birds, Cut the Rope and Assassin's Creed Revelation. A total of 13 games were posted Sunday on Google's app market for smartphones and tablets running the Android operating system.
The games were available for more than a day before they were taken down by Google's security team. At least 10,000 people downloaded at least one of the malicious apps from the list, Vanja Svajcer, principal virus researcher for Sophos, said Monday in the company's blog. "Google's reaction has been quick, but not quick enough."
The malicious developer used a common tactic for distributing malware on the site. "Trojanized" copies of the games were uploaded to the market and offered for free, Sophos said. Each of the games carried code to send and receive text messages to paid services, an action the victim may not be aware of until the monthly wireless phone bill arrives.
Google does not comment on third-party reports of malicious applications or discuss why applications were removed. As part of the download process, people are told what services on the device the application will access. If they don't want those services tapped, the device user can abort the installation.
Security software makers that make products for smartphones and tablets have been critical of the Android Market for some time. They argue that cyber-criminals have an easier onramp to the device because applications offered through the market do not undergo the same rigorous review as apps published on Apple's App Store.
In a recent blog, Chris DiBona, open-source programs manager at Google, took security vendors to task, saying anti-malware is not needed on Android smartphones. DiBona accused the vendors of playing to people's fears to sell product.