
Android DroidDream nightmare continues

Android security fears escalate again thanks to researchers spotting more trojanised apps.


A week after Google had to remove a host of apps infected with DroidDream malware, two major security firms have spotted further issues affecting Android.

The Lookout Security Team discovered 50 applications on the Android Market infected with a "stripped down" version of DroidDream, delivered across five developer accounts.

Lookout estimated between 30,000 and 120,000 users were hit by DroidDreamLight when it reported on the situation in May.

Symantec said today it had found additional publisher accounts pushing out apps containing the so-called DroidDreamLight malware.

Those accounts have now been disabled, however, and Symantec said the actual threat from DroidDreamLight was not as significant as its predecessor.

"The key point to note is that even though the news of the return of Droid Dreams' has created a bit of a stir with approximate high download rates being quoted - due to the fact that the threat was available through official channels - unlike its predecessor, this threat does not carry out any system level exploits and does not require the infected user to carry out any complex steps to restore the device back to the pre-infection state," Symantec explained in a blog post.

"At its core, Android.Lightdd is a downloader Trojan, but with certain caveats. The threat is subject to the Android security model, therefore any download attempts will not work, as long as the user does not consent to the installation of the suggested app."

In March, Google promised to up its security game after over 50 DroidDream infected apps were found on the Android Market and subsequently removed.

Kung Fu Droid

But security fears surrounding Android have not subsided this week.

F-Secure discovered another piece of Android malware using a root exploit and delivered inside an application, which it detected as Trojan:Android/DroidKungFu.A.

The malware could delete specific files on infected devices, or even run certain apps on a phone or tablet, F-Secure said in a blog post today.

It could also harvest information, including users' mobile number, phone model and IMEI number.

Researchers at North Carolina University also spotted DroidKungFu on more than eight third-party Android app stores and forums based in China.

The researchers claimed the malware could avoid detection by mobile anti-virus software, whilst doing some "nasty" things.

"In Android versions 2.2 (Froyo) and earlier, DroidKungFu takes advantage of two vulnerabilities in the platform software to install a backdoor that gives hackers full control of your phone," a post on the university's website read.

"Not only do they have access to all of your user data, but they can turn your phone into a bot and basically make your smartphone do anything they want."

Trojanised apps featuring DroidKungFu have not been spotted on the official Android Market.
