Android DroidDream nightmare continues

gallery

A week after Google had to remove a host of apps infected with DroidDream malware, two major security firms have spotted further issues affecting Android.

When the Lookout Security Team discovered 50 applications on the Android market infected with a “stripped down” version of DroidDream, they were delivered across five developer accounts.

Lookout estimated between 30,000 and 120,000 users were hit by DroidDreamLight when it reported on the situation in May.

Symantec said today it had found additional publisher accounts pushing out apps containing the so-called DroidDreamLight malware.

Those accounts have now been disabled, however, and Symantec said the actual threat from DroidDreamLight was not as significant as its predecessor.

“The key point to note is that even though the news of the return of ‘Droid Dreams’ has created a bit of a stir with approximate high download rates being quoted - due to the fact that the threat was available through official channels - unlike its predecessor, this threat does not carry out any system level exploits and does not require the infected user to carry out any complex steps to restore the device back to the pre-infection state,” Symantec explained in a blog post.

“At its core, Android.Lightdd is a downloader Trojan, but with certain caveats. The threat is subject to the Android security model, therefore any download attempts will not work, as long as the user does not consent to the installation of the suggested app.”

In March, Google promised to up its security game after over 50 DroidDream infected apps were found on the Android Market and subsequently removed.

Kung Fu Droid

But security fears surrounding Android have not subsided this week.

F-Secure discovered another piece of Android malware using a root exploit and delivered inside an application, which it detected as Trojan:Android/DroidKungFu.A.

The malware could delete specific files on infected devices, or even run certain apps on a phone or tablet, F-Secure said in a blog post today.

It could also harvest information, including users’ mobile number, phone model and IMEI number.

Researchers at North Carolina University also spotted DroidKungFu on more than eight third-party Android app stores and forums based in China.

The researchers claimed the malware could avoid detection by mobile anti-virus software, whilst doing some "nasty" things.

“In Android versions 2.2 (Froyo) and earlier, DroidKungFu takes advantage of two vulnerabilities in the platform software to install a backdoor that gives hackers full control of your phone,” a post on the university’s website read.

“Not only do they have access to all of your user data, but they can turn your phone into a bot – and basically make your smartphone do anything they want.”

Trojanised apps featuring DroidKungFu have not been spotted on the official Android Market.

Email to a friend

Print this page