New Type Of Android Trojan Charges For Premium SMS Services

GGTracker is a new Trojan which has recently been discovered by the lovely people over at Lookout. If users are infected by the Trojan, they are directed to an imitation of the Android Market on their mobile to download a free app. Once it is downloaded, it goes to work without your knowledge by signing you up for a ton of premium SMS services, and it’s all downhill from there. Lookout has done a very extensive write-up on what it is, how it works, and how to avoid it. Tim Wyatt of Lookout writes:

Lookout has identified a new Android Trojan, GGTracker, which is automatically downloaded to a user’s phone after visiting a malicious webpage that imitates the Android Market.  The Trojan is able to sign-up a victim to a number of premium SMS subscription services without the user’s consent.  This can lead to unapproved charges to a victim’s phone bill.

Have you all been browsing bad websites? Let me just say that this issue could seriously be alleviated if we all just took two seconds to make sure that what we’re browsing is a good idea. If you’re on the Android Market’s website, you better see “Android Market” somewhere in the URL.

Lookout Identifies Another 34 DroidDream Malware Apps in the Android Market

Back in March, a number of potentially dangerous apps were found in the Android Market that had the ability to root your phone and proceed to steal personal information. The developer behind them was looking for some of the more popular apps in the market, downloading and repackaging them with malware, and then uploading them to the market. They were essentially duplicates that were difficult for the average user to spot. The group of apps was dubbed “DroidDream” and was thought to be all but wiped out – and then this weekend happened.

Our pals over at Lookout Security were tipped to another batch of apps that were posing a similar threat which they are now calling “DroidDreamLight” or DDLight.  Around 34 applications and 6 developers made the list which we have for you below.  I’d suggest that you take a quick look through them all and then browse through the app list on your phone to make sure you are clean.

And I hate that we have to do this, but again, to avoid these types of problems you need to be a little more careful when downloading apps. If the app has only been downloaded a few times, has a low rating, and is from a developer you have never heard of, you should probably avoid it. If the app contains the words hot, sex, girls, or breasts you should probably avoid it. If you are browsing for free “fake” versions of legitimate paid apps because you are a cheap ass, go get a job. Just know that you are opening yourself up to a bad time. This isn’t rocket science – only download from reputable developers and you’ll be fine.

The full list of developers and apps is after the break.

Google Starts Remotely Removing and Fixing Malicious Malware from Affected Devices

There was a lot of talk last week about security on the Android platform after the DroidDream malware scare, but to help ease all of your minds, Google has released a statement detailing all of the steps they are actively taking to make our mobile world a safer place. We should point out that anyone running anything less than Android 2.2.2 was susceptible, so please read the 4 steps below carefully to see what you need to be on the lookout for.

  1. We removed the malicious applications from Android Market, suspended the associated developer accounts, and contacted law enforcement about the attack.
  2. We are remotely removing the malicious applications from affected devices. This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications.
  3. We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices. If your device has been affected, you will receive an email from [email protected] over the next 72 hours. You will also receive a notification on your device that “Android Market Security Tool March 2011” has been installed. You may also receive notification(s) on your device that an application has been removed. You are not required to take any action from there; the update will automatically undo the exploit. Within 24 hours of the exploit being undone, you will receive a second email.
  4. We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues.

And as you can see from our picture above, there is an app in the market that will help remove garbage from affected devices.  You don’t need to download it though; it’s just there so that Google can remotely push it onto devices in need.  More info can be found here.

Via:  Google Mobile Blog

Thursday Poll: Worried About the Android Market and Malware in Apps?

After yesterday’s DroidDream malware story jumped into the tech spotlight, we heard opinions on the situation from a few of our readers, but never really got the feeling that any of you were all that concerned about any of it.  Sure, some of the big tech sites jumped on it and made it sound like Android was the worst thing to happen since Paris Hilton’s birth, but for the most part, average users seemed to be confident in the Google team and the openness of the market.  Is that the case or are you all just not being vocal about it?  No better way to let your voice be heard than through one of our polls.  So tell us…

Are you worried about the Android Market and malware in apps?


DroidDream Malware Enters Official Android Market, Chaos Ensues After Root Exploit Found Embedded

Yesterday was a bad day for the Android Market.  Popular Redditor lompolo discovered odd duplicates of some very popular apps in the market and decided to download a few to see exactly what the difference was.  The news was not pretty, and the guys at Android Police jumped all over it, looking for more.  What did they discover?   Well, that developer “Myournet” was taking popular apps from the market, repackaging them with malware included, and then republishing them to the market alongside the legitimate version.  Included in these new versions was the famous root exploit “rageagainstthecage” (yep, it was rooting devices) and other embedded apks which had the potential to do some serious damage and steal more information than you can imagine…

…it does more than just yank IMEI and IMSI. There’s another APK hidden inside the code, and it steals nearly everything it can: product ID, model, partner (provider?), language, country, and userID. But that’s all child’s play; the true pièce de résistance is that it has the ability to download more code. In other words, there’s no way to know what the app does after it’s installed, and the possibilities are nearly endless.

But that’s not all. Android security machine Lookout stepped into the situation to help ease the minds of their customers, but also found two additional developers that were distributing similarly affected apps: Kingmall2010 and we20090202. With these 3 “developers” combined, there were more than 50 apps in the official Android Market that could potentially steal a massive amount of information from your smartphone.
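The repackaging pattern described above and in the DroidDreamLight post (a popular app republished under a different developer account) can be checked for by comparing signing certificates across listings that share a title. The sketch below is an added example, not code from Lookout, Google, or Android Police; the listing fields, developer names and certificate fingerprints are constructed, and treating the most-installed listing as the original is an assumption.

```python
import re
from collections import Counter, defaultdict

# Constructed sample market listings; every name and fingerprint is made up.
LISTINGS = [
    {"title": "Chess Master", "developer": "Original Studio", "cert": "aa11", "installs": 500000},
    {"title": "Chess Master", "developer": "dev-x", "cert": "ff99", "installs": 1200},
    {"title": "chess  master!", "developer": "dev-x", "cert": "ff99", "installs": 300},
    {"title": "Photo Tool", "developer": "Pix Ltd", "cert": "bb22", "installs": 80000},
    {"title": "Photo Tool", "developer": "Pix Ltd", "cert": "bb22", "installs": 9000},
    {"title": "Bowling Time", "developer": "dev-y", "cert": "cc33", "installs": 40},
]


def normalize(title):
    """Fold case and drop spacing/punctuation so near-identical titles collide."""
    return re.sub(r"[^a-z0-9]+", "", title.casefold())


def find_repackaged(listings):
    """Flag listings that share a title with a more-installed app but are
    signed with a different certificate than that app."""
    groups = defaultdict(list)
    for item in listings:
        groups[normalize(item["title"])].append(item)

    findings = []
    for items in groups.values():
        # Assumption: the listing with the most installs is the original.
        reference = max(items, key=lambda i: i["installs"])
        for item in items:
            if item["cert"] != reference["cert"]:
                findings.append((item["title"], item["developer"], reference["developer"]))
    return findings


def suspect_developers(findings):
    """Count flagged listings per developer account."""
    return Counter(developer for _, developer, _ in findings)


if __name__ == "__main__":
    for title, developer, original in find_repackaged(LISTINGS):
        print(f"{title!r} by {developer}: cert differs from {original}'s listing")
    print(dict(suspect_developers(find_repackaged(LISTINGS))))
```

Install counts can be inflated, so a curated list of known-good certificate fingerprints makes a stronger reference than popularity.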