Google Pulls More Malware-Infected Apps From Android Market

Party Rooster

Unleash The Beast
PC Magazine
Mon Jun 13, 6:15 am ET

Google has removed more apps from its Android Market due to malware, some of which appear to exploit the popularity of apps like Angry Birds.

Google removed 10 apps from the market pending investigation after they were discovered and reported by Xuxian Jiang, an assistant professor at NC State University's Department of Computer Science.

"While continuing an Android-related research project after the discovery of the DroidKungFu and YZHCSMS malware, my research team also came across a new stealthy Android spyware in the Official Android Market," Jiang said in a statement.

Known as Plankton, the spyware "does not attempt to root Android phones but instead is designed to be stealthy by running the payload under the radar," Jiang wrote. "In fact, Plankton is the first one that we are aware of that exploits Dalvik class loading capability to stay stealthy and dynamically extend its own functionality."

There are at least 10 Plankton apps from three different developers, Jiang said. Their stealth nature has enabled them to remain undetected in the market for more than two months.

On Friday, Webroot analysts Andrew Brandt and Armando Orozco took a closer look at Plankton and found that it was focused on the popular game series Angry Birds. "Some of the samples we looked at came as Android apps with names like Angry Birds Rio Unlocker v1.0, Angry Birds Multi User v1.00 or Angry Birds Cheater Trainer Helper V2.0," they wrote in a blog post.

When you install the offending apps, you'll see the following message: "Welcome! Simply click on the button below to unlock ALL levels in Angry Birds Rio. This will not delete your scores but might change the number of pineapples and bananas you have."

Of course, the apps do no such thing. "Instead, the malicious apps install additional code into the Android device into which they're installed," Webroot said. "These additional functions provide remote access and control of the Android device to, presumably, the distributor of the malicious apps, whose identity remains unknown at this time."

Luckily, the Plankton creators labeled their code very distinctly, making it easy to wipe from a phone, Webroot said. Unlike other malicious apps, Plankton appears to provide access to sensitive data on a phone like browser history, bookmarks, and homepage settings in the built-in Android browser. Other malware apps have worked to obtain root, or administrative, access to the operating system.

Webroot, however, said it is investigating a "command-and-control server, which sends back instructions for the app to download an additional Java .JAR file."

"Early reports from the university researchers indicate that the payloads are simply reworked versions of the remote access code embedded in the Trojan, modified so they're slightly harder to detect using existing antivirus signatures," the researchers said.

How do you protect yourself? Webroot suggested using a little common sense. "Does the app sound like what it promises to do is too good to be true? Does it ask for all kinds of permissions that it shouldn't need to fulfill its mission? Did you get it from the official Market or a legitimate app store such as Amazon, or from some random app collection? If you can answer yes to any (or all) of these questions, just don't install the app."

This is just the latest in a string of malware apps removed from the Android Market. Earlier this month, Google removed more than two dozen apps from the Android Market due to malware. It was identified by mobile security firm Lookout thanks to a tip from a developer who noticed that modified versions of his and other apps were being distributed in the Android Market.

In early March, Google remotely deleted a series of applications from users' phones due to malware known as DroidDream and released a security update to rectify the problem.

Unlike Apple, Google does not monitor its apps once they are in the Android Market, responding only to complaints.

"We don't generally go back and try to make sure that every app does what it says it's going to do. [Google is] really trying to maximize the ability of small app developers to get online," Alan Davidson, director of public policy at Google, said during a recent appearance on Capitol Hill.

Say what you will about Apple and the iTunes store being so picky, but they don't have these problems.

Of course anyone who downloads "Angry Birds Cheater" deserves a virus.
Well I, for one, am running out to buy an iPhone because 10 apps out of hundreds of thousands had an issue.
Maybe the people dumb enough to get a virus on a phone need something with training wheels like an iPhone. Don't be a fanboy. There's a definite place in the market for Apple, and the iPhone is a quality product.
Except, you know, if you want to make a call.
That's AT&T's problem. My unlocked T-Mobile iPhone never dropped calls and Verizon's iPhone seems ok. Even the antenna issue isn't as bad as it was made out to be.

I love my Android phone, but I'm not a fanboy.