DroidDream Malware Enters Official Android Market, Chaos Ensues After Root Exploit Found Embedded


Yesterday was a bad day for the Android Market. Popular Redditor lompolo discovered odd duplicates of some very popular apps in the market and decided to download a few to see exactly what the difference was. The news was not pretty, and the guys at Android Police jumped all over it, looking for more. What did they discover? Well, that developer “Myournet” was taking popular apps from the market, repackaging them with malware included, and then republishing them to the market alongside the legitimate versions. Included in these new versions was the famous root exploit “rageagainstthecage” (yep, it was rooting devices) and other embedded APKs which had the potential to do some serious damage and steal more information than you can imagine…

…it does more than just yank IMEI and IMSI. There’s another APK hidden inside the code, and it steals nearly everything it can: product ID, model, partner (provider?), language, country, and userID. But that’s all child’s play; the true pièce de résistance is that it has the ability to download more code. In other words, there’s no way to know what the app does after it’s installed, and the possibilities are nearly endless.

But that’s not all. Android security machine Lookout stepped into the situation to help ease the minds of its customers, and also found two additional developers that were distributing similarly affected apps: Kingmall2010 and we20090202. With these 3 “developers” combined, there were more than 50 apps in the official Android Market that could potentially steal a massive amount of information from your smartphone.

Lookout’s CTO had this to say on the situation…

DroidDream is packaged inside of seemingly legitimate applications posted to the Android Market in order to trick users into downloading it, a pattern we’ve seen in other instances of Android malware such as Geinimi and HongTouTou. Unlike previous instances of malware in the wild that were only available in geographically targeted alternative app markets, DroidDream was available in the official Android Market, indicating a growing need for mainstream consumers to be aware of the apps they download and to actively protect their smartphones. Lookout users are protected from all known instances of DroidDream.

All I can say is, know what you are downloading to your phones, people.  We’ve lived in a time filled with shady internet characters for a couple of decades now and you shouldn’t be blindly downloading apps from random developers.  If you haven’t heard of the person listed under the app you are about to download, maybe you should take 30 seconds, read some of the comments, do a quick Google search, and see what you come up with.

The first reaction for most people is to blame Google, but that’s a little unfair.  If you want openness, then you need to educate yourself a little.  Or you could all do your best to make the world a better place by stopping your searches for apps titled “Hilton Sex Sound” and “Sexy Girls: Japanese.”

And lastly, here are the apps you should probably avoid if they ever pop back up in the market…

Full list of infected applications published by “Myournet”:

Falling Down
Super Guitar Solo
Super History Eraser
Photo Editor
Super Ringtone Maker
Super Sex Positions
Hot Sexy Videos
Chess
下坠滚球_Falldown
Hilton Sex Sound
Screaming Sexy Japanese Girls
Falling Ball Dodge
Scientific Calculator
Dice Roller
躲避弹球
Advanced Currency Converter
App Uninstaller
几何战机_PewPew
Funny Paint
Spider Man
蜘蛛侠

Full list of infected applications published by “Kingmall2010”:

Bowling Time
Advanced Barcode Scanner
Supre Bluetooth Transfer
Task Killer Pro
Music Box
Sexy Girls: Japanese
Sexy Legs
Advanced File Manager
Magic Strobe Light
致命绝色美腿
墨水坦克Panzer Panic
裸奔先生Mr. Runner
软件强力卸载
Advanced App to SD
Super Stopwatch & Timer
Advanced Compass Leveler
Best password safe
掷骰子
多彩绘画

Full list of infected apps under the developer name “we20090202”:

Finger Race
Piano
Bubble Shoot
Advanced Sound Manager
Magic Hypnotic Spiral
Funny Face
Color Blindness Test
Tie a Tie
Quick Notes
Basketball Shot Now
Quick Delete Contacts
Omok Five in a Row
Super Sexy Ringtones
大家来找茬
桌上曲棍球
投篮高手

Via:  Lookout, Android Police
