DroidDream Malware Enters Official Android Market, Chaos Ensues After Root Exploit Found Embedded

Yesterday was a bad day for the Android Market. Popular Redditor lompolo discovered odd duplicates of some very popular apps in the market and decided to download a few to see exactly what the difference was. The news was not pretty, and the guys at Android Police jumped all over it, looking for more. What did they discover? Well, that developer “Myournet” was taking popular apps from the market, repackaging them with malware included, and then republishing them to the market alongside the legitimate versions. Included in these new versions were the famous root exploit “rageagainstthecage” (yep, it was rooting devices) and other embedded APKs which had the potential to do some serious damage and steal more information than you can imagine…

…it does more than just yank IMEI and IMSI. There’s another APK hidden inside the code, and it steals nearly everything it can: product ID, model, partner (provider?), language, country, and userID. But that’s all child’s play; the true pièce de résistance is that it has the ability to download more code. In other words, there’s no way to know what the app does after it’s installed, and the possibilities are nearly endless.

But that’s not all. Android security machine Lookout stepped into the situation to help ease the minds of their customers, but also found two additional developers that were distributing similarly affected apps: Kingmall2010 and we20090202. With these 3 “developers” combined, there were more than 50 apps in the official Android Market that could potentially steal a massive amount of information from your smartphone.
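A defender-side check for the packaging described above, added here as an example and not code from Lookout, Android Police or Google: it treats an APK as a ZIP archive and flags entries whose leading bytes show a second APK, a loose DEX file or a native ELF binary outside the usual code locations. The file names in the sample are constructed, and the magic-byte heuristic is an assumption about how to spot such payloads, not a description of any vendor's scanner.

```python
import io
import re
import zipfile

ZIP_MAGIC, ELF_MAGIC, DEX_MAGIC = b"PK\x03\x04", b"\x7fELF", b"dex\n"
# Where code is expected: top-level classes*.dex and lib/<abi>/*.so.
EXPECTED_CODE = re.compile(r"classes\d*\.dex|lib/[^/]+/[^/]+\.so")


def classify(data):
    """Label an entry by its leading bytes, not by its file name."""
    for magic, label in ((ELF_MAGIC, "native-elf"), (DEX_MAGIC, "dex")):
        if data.startswith(magic):
            return label
    if not data.startswith(ZIP_MAGIC):
        return None
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as inner:
            names = set(inner.namelist())
    except zipfile.BadZipFile:
        return None
    return "nested-apk" if names & {"AndroidManifest.xml", "classes.dex"} else "nested-zip"


def scan_apk(apk_bytes):
    """Return sorted (entry name, label) pairs for code hidden inside an APK."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if EXPECTED_CODE.fullmatch(info.filename):
                continue
            label = classify(apk.read(info))
            if label:
                findings.append((info.filename, label))
    return sorted(findings)


def make_zip(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for entry_name, data in entries.items():
            z.writestr(entry_name, data)
    return buf.getvalue()


def build_sample():
    """Constructed sample: an APK-shaped ZIP hiding an APK and an ELF in assets/."""
    base = {"AndroidManifest.xml": b"<manifest/>", "classes.dex": b"dex\n035\x00"}
    hidden = {"assets/cache.db": make_zip(base),           # APK under a data-file name
              "assets/helper": ELF_MAGIC + b"\x00" * 12}   # native binary, no extension
    return make_zip({**base, **hidden})


if __name__ == "__main__":
    print(scan_apk(build_sample()))
```

On a real file, pass `open(path, "rb").read()` to `scan_apk`. A hit is a reason for manual review rather than a verdict, since legitimate apps also ship archives and helper binaries in `assets/`.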

Lookout’s CTO had this to say on the situation…

DroidDream is packaged inside of seemingly legitimate applications posted to the Android Market in order to trick users into downloading it, a pattern we’ve seen in other instances of Android malware such as Geinimi and HongTouTou. Unlike previous instances of malware in the wild that were only available in geographically targeted alternative app markets, DroidDream was available in the official Android Market, indicating a growing need for mainstream consumers to be aware of the apps they download and to actively protect their smartphones. Lookout users are protected from all known instances of DroidDream.

All I can say is, know what you are downloading to your phones, people.  We’ve lived in a time filled with shady internet characters for a couple of decades now and you shouldn’t be blindly downloading apps from random developers.  If you haven’t heard of the person listed under the app you are about to download, maybe you should take 30 seconds, read some of the comments, do a quick Google search, and see what you come up with.

The first reaction for most people is to blame Google, but that’s a little unfair.  If you want openness, then you need to educate yourself a little.  Or you could all do your best to make the world a better place by stopping your searches for apps titled “Hilton Sex Sound” and “Sexy Girls: Japanese.”

And lastly, here are the apps you should probably avoid if they ever pop back up in the market…

Full list of infected applications published by “Myournet”:

Falling Down
Super Guitar Solo
Super History Eraser
Photo Editor
Super Ringtone Maker
Super Sex Positions
Hot Sexy Videos
Chess
下坠滚球_Falldown
Hilton Sex Sound
Screaming Sexy Japanese Girls
Falling Ball Dodge
Scientific Calculator
Dice Roller
躲避弹球
Advanced Currency Converter
App Uninstaller
几何战机_PewPew
Funny Paint
Spider Man
蜘蛛侠

Full list of infected applications published by “Kingmall2010”:

Bowling Time
Advanced Barcode Scanner
Supre Bluetooth Transfer
Task Killer Pro
Music Box
Sexy Girls: Japanese
Sexy Legs
Advanced File Manager
Magic Strobe Light
致命绝色美腿
墨水坦克Panzer Panic
裸奔先生Mr. Runner
软件强力卸载
Advanced App to SD
Super Stopwatch & Timer
Advanced Compass Leveler
Best password safe
掷骰子
多彩绘画

Full list of infected apps under the developer name “we20090202”:

Finger Race
Piano
Bubble Shoot
Advanced Sound Manager
Magic Hypnotic Spiral
Funny Face
Color Blindness Test
Tie a Tie
Quick Notes
Basketball Shot Now
Quick Delete Contacts
Omok Five in a Row
Super Sexy Ringtones
大家来找茬
桌上曲棍球
投篮高手

Via:  Lookout, Android Police

  • Anonymous

    This is not all Google’s fault, but……

  • Anonymous

    that’s interesting!

  • http://twitter.com/hpizzy Hiral Patel

    If you want to make the world a better place, look at yourself and make a change…MJ Man in Mirror

    Or you could all do your best to make the world a better place by stopping your searches for apps titled “Hilton Sex Sound” and “Sexy Girls: Japanese.”

    I laughed so hard – That was awesome.

    • Anonymous

      Or don’t install any chess apps or file managers, or photo editors? Are you serious? The malware can use any name. There is a difference between an open app market and anarchy. As much as I hate iOS, I don’t think we should be at risk anytime we download any app from the Android Market. Google needs to step up and scan apps for malware. You can filter out malware and still have an open market.

  • http://davesdroid.blogspot.com NadTwist

    Wouldn’t it be relatively easy for Google’s Market server to just scan APKs as they are uploaded by “developers”? This way, malicious apps would never get into your phone unless they are installed from a 3rd party.

  • http://twitter.com/jhanford Jason Hanford-Smith

    OK, so Lookout have responded quickly. I’m using NetQin. Should I switch to Lookout?

  • 2ceedz

    We knew it was coming, news about this stuff on the Chinese market was reported at least a week ago.

  • Billy

    It is not unfair to blame Google. Open source doesn’t mean no responsibility. Those apps were in Google’s marketplace. Yes, everyone should research what they download, but that shouldn’t alleviate some responsibility on Google’s part. I’m an Android user but that doesn’t mean I’m giving Google a free pass.

  • theBIGmann

    I would like to see an opt-in verification process through Google or a third party. The market could then show an app’s certification status in the market. Users could still download unverified apps, but would know to do a little extra research first.

  • MikeC

    That’s why I use Lookout on my Inspire 4G, you just never know anymore.

  • http://profiles.yahoo.com/u/PP2KC2NKYXJ5AUNAJWRZTBRPUA Matty G

    Wait, so I’m not supposed to download apps with “sexy” or Chinese/Mandarin in the title?

  • http://www.facebook.com/people/Miguel-Mcdowell/757309458 Miguel Mcdowell

    This is a serious problem with a simple solution. Just do about thirty seconds of research on what you want to download and all problems are gone!

  • Mr. Joe

    Who would download an app called Quick Delete Contacts? I mean seriously is it that time consuming to delete a contact from android?

  • http://www.twitter.com/slinky317 slinky317

    What annoys me is that this mess took advantage of an exploit that was FIXED IN GINGERBREAD! Yet here it is, four months after its announcement, and Gingerbread is only on the two dev phones – with the Nexus One only getting it just recently.

    Google needs to start leaning on manufacturers to release these updates in a quicker fashion. Maybe give them access to it ahead of time to start working on custom skin integration, or just make it so you can download the new version without a skin. Something has to be done to get these updates out quicker to devices.

    Yes, I know you can root and flash to the new ROMs right away. However, the average Joe Schmoe user does not know about rooting or custom ROMs. And more than likely, it’s that type of user that’s going to be the one downloading the types of malicious apps that were in the Market yesterday.

  • Anonymous

    Quit trolling iPhone lovers: http://gizmodo.com/#!5603319

  • Anonymous

    No one ever promised us our mobile devices (regardless of OS) would be free of malware forever. In fact it was only a matter of time. If you do a Google search for xxx or free …. and then you download the first thing you find, you are probably going to wind up with a virus on your PC, right? Now people just need to exercise the same common sense as they do on a PC. But that’s the real problem, people want to click first and ask questions later.

  • Dshudson

    i had color blindness test.. lol dont ask me why

  • (v)urphy

    Off-topic: Any fix for the mobile site or is it just me?

    • Anonymous

      I get the same thing on my Xoom from time to time

  • Anonymous

    SHOOT! Uninstalling “Sexy Legs” as we speak!

    • Dshudson

      lol..
      Awesome

    • Brendan

      Rofl

  • Anonymous

    ***All I can say is, know what you are downloading to your phones, people. We’ve lived in a time filled with shady internet characters for a couple of decades now and you shouldn’t be blindly downloading apps from random developers. If you haven’t heard of the person listed under the app you are about to download, maybe you should take 30 seconds, read some of the comments, do a quick Google search, and see what you come up with.
    The first reaction for most people is to blame Google, but that’s a little unfair. If you want openness, then you need to educate yourself a little. Or you could all do your best to make the world a better place by stopping your searches for apps titled “Hilton Sex Sound” and “Sexy Girls: Japanese.”***

    Well put Kellex. We live in a society that doesn’t want to take responsibility for their own actions. They want everything spoon fed to them. After all, if something goes in life, isn’t it always someone else’s fault?

    • blootz

      or just get the new iPhone on Verizon … no viruses or malware like their computers… they just last and work.

    • fatfella

      A-m-e-n! That was my favorite part of the article and it sickens me that people no longer feel they have any responsibility in anything; even the things they do themselves.

    • Partnaz

      I’m sorry, but saying that I’m spoon-fed is way out of line. First of all, I dished out a hard-earned $400 for 2 Android Epics for me and my wife and I’m still waiting for 2.2 Froyo. On top of that I’m paying over $100 a month for a family plan, just so I can use the phone. If anyone is being spoon-fed, it’s the people who are too lazy to keep the people who are feeding them happy by not providing the proper service that is being paid for.

  • Loskid

    Google did their job. 2.2.2 and up is immune to this malware attack. It is the manufacturers that are letting us down at this point. I realize that Rome wasn’t built in a day, but there are other reasons Google releases new versions of Android that don’t just make it look prettier.

    • DBEvans

      The argument that 2.2.2 and above is safe just plays into the hands of those pushing the fragmentation myth.

      The actual OS fragmentation is pretty darn close to that of other OS’s. The fact that so many haven’t been updated yet to a “safe” release version isn’t a strong defense to put towards the general consumer market when you’re already trying to battle the fragmentation myth.

    • The350zWolf

      You are right but this instance of unscrupulous people attacking android users will give an excuse to the manufacturers to lockdown bootloaders and prevent people from rooting their hardware, then we will be inundated with underperforming addons like blur. It is our own personal responsibility to make sure that we don’t get infected. I do have Lookout and perform routine scans on my phones.

  • DBEvans

    I always research apps before downloading them; but for the mainstream consumers, there really needs to be some sort of certification system by a group that reviewed released code/apps. It doesn’t even need to be created by Google, although it would be helpful if they helped in its creation – maybe by encouraging the developer’s group to agree on a single authority.

    Granted, a big obstacle is that a third party group would likely need to charge to review apps, which would increase developer costs, which would get passed onto consumers. Then you need buy-in from enough developers to make any such system viable – as well as some method of allowing for verification of the certifications listed (some sort of hash-checking to verify the thumbprint of the app matches the one that was certified).

  • http://twitter.com/mnkyhead mnkyhead

    I bet this will come up in the *Pad announcement today, just sayin’

  • lye

    I’m sure apple has a hand in some way for making malware for androids.

    • androidusr

      thats funny,and maybe true. damn u steve jobs,damn u to hell! :p

  • http://twitter.com/EvanTheGamer EvanTheGamer

    I ALWAYS do some research before downloading any app, whether paid or not, unless I already know the dev and have downloaded from him/her before. And that’s what everyone needs to do, so they don’t get trapped like a lot of people already.

  • BasilofBakerStreet

    What device is this screenie from?

  • Mustagme

    This is exactly why the iPhone and iOS is superior to Android. Android is buggy, virus-filled and laggy.

    • surf05

      you joking right^^^^^ the word widget is still a foreign language to iOS…..

    • Anonymous

      App. Jukebox.

    • Anonymous

      moved

    • Anonymous

      Nothing you said is true. Malware != Virus. It may be malicious but there have been instances with the same and i*hones in the past. I don’t blame you for the short memory though, you don’t have to use your brain with crapple devices.

    • Adam Metzner

      Why are you here? Go troll elsewhere

    • Tyler Buchanan

      And Apple has NEVER allowed a bad app that does anything bad into the market and only bans harmful apps like Google Voice…

    • http://twitter.com/EvanTheGamer EvanTheGamer

      lmao! Buggy? Maybe if you’re a moron(you must be) and download anything under the sun without checking into what you are actually downloading first, sure, there might be some bugs, but if you are responsible with what you download, then no, the iPhone and iOS is not superior..quite the opposite, friendo. And also lacks complete customization.

      So run along now…go play with your dull iPhone with no customization. :)

    • Chris Nimon
    • Brendan

      Ha. Good one oh wait f*** you

    • Anonymous

      That is so far from the truth it’s insane! The exact opposite of what you just said is actually true

  • http://twitter.com/XoomBlog XoomBlog

    I think there needs to be some type of app approval process. There could be hundreds more out there and we won’t know until it’s too late. It may take a while for Apple to accept apps, but when was the last time you heard of an iOS app being a virus/malware?

  • Anonymous

    “Sexy Girls: Japanese” is an infected app? Damn it! I have such a hard time finding sexy Asian apps. :P

    • Anonymous

      Where else can I get my Paris Hilton sexy sounds fix……

  • Kevoskee

    Finally, Lookout does some real work

    • KnightDavid

      LOL, those were the exact words that went through my head when I first started reading the article.

  • http://twitter.com/bandroidx bandroid

    lookout is a joke, “known instances” cause its not a real av software, it just checks apk names against a db, prove me wrong!!!!!

  • EC8CH

    string ‘em up

    • Anonymous

      If any community has the ability to track and lay down some vigilante justice, I believe it’s the Android community.

  • Wherethehypenowkellex

    Great lol I’m glad I switched to iPhone where they actually check and make sure apps are ok before they just throw them in app store lol…good job android lol Google such idiots

  • Anonymous

    I still love the Android Market. 50 apps out of 200,000+, and they’re gone. Oh, and they still probably only affected those who refuse to read the prompts telling them what the app has access to, and when Android prompts in app when the app tries to access something else, requesting your permission (at least, that’s how it works on my 2.3 Droid).