By
updated 3/14/2011 2:14:10 PM ET 2011-03-14T18:14:10

Just four days after Google began erasing the data-stealing Android malware called “DroidDream” from users’ smartphones, online criminals have hijacked and retooled Google’s own security update in order to keep the scam going.

Researchers at the security firm Symantec reported yesterday (March 9) that they had found a corrupted version of Google’s own Android Market Security Tool on an unregulated third-party Chinese app market.

The real Android Market Security Tool, pushed out to Android users March 6, removed the DroidDream Trojan from the hundreds of thousands of infected Android devices.

The corrupted one contains another Trojan that sends users’ text messages to a remote command-and-control server. Its other features are still being analyzed by Symantec.

Sophos' Naked Security blog notes that while the real Android Market Security Tool is at version 2.5, the phony one is still at 1.5 -- for now.  The fake one also asks for six permissions during installation, instead of the real one's three.

Google brought out its Android Market Security Tool after 58 Android apps were found to secretly harbor the malicious DroidDream, which allowed attackers to steal a phone’s handset and user IDs and download rogue code from remote servers.

Google removed the infected apps from the Android App Market March 1.

Unfortunately, the Android app environment is beginning to resemble the Wild West, with rogue apps roaming free and not enough sheriffs to patrol them.  Android users need to be wary of EVERY app they install on their devices, even if it's from the official Android Market.  (Avoid third-party "off-road" app distributors.)

Pay attention to the permissions each app asks for before it installs on your device -- most ask for access to "Network communications" (so they can connect to the Internet) and "Storage" (to launch themselves), but there's no reason a game should ask for "Services that cost you money," for example.

 

© 2012 SecurityNewsDaily. All rights reserved

Discuss:

Discussion comments

,

Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments