Android malware found and removed on Google Play

Google's Android app store was the home for yet another malware program for a few weeks before its true nature was discovered. The malware is known as Android.Dropdialer and it was posted on Google Play, packaged under names such as Super Mario Bros and GTA 3 Moscow City, on June 24.

In a post on Symantec's blog, the software company said that Google's Android Security division quickly pulled the malware program from Google Play after being alerted to the issue by Symantec. By that time, the malware had been downloaded between 50,000 to 100,000 times.

Symantec speculates that the reason the malware wasn't discovered until a few weeks later was because it used an outside service to download the main package. The blog states:

In the case of Android.Dropdialer, the first stage was posted on Google Play. Once installed, it would download an additional package, hosted on Dropbox, called ‘Activator.apk’. This additional package sends SMS messages to a premium-rate number. An interesting feature of the secondary payload is that it prompts to uninstall itself after sending out the premium SMS messages—an obvious attempt at hiding the true intent of the malicious app.

This newest Google Play-Android malware discovery shows that people should be careful about downloading any program, even on authorized app download services.

Source: Symantec blog

Report a problem with article
Previous Story

Windows Server 2012 Essentials beta launched

Next Story

New Chrome beta poses security risks

22 Comments

Commenting is disabled on this article.

Does anyone want to still seriously argue that Google or Apple screens their App submissions as extensively as Microsoft?

The WP7 and WInRT frameworks were designed to be easily screened by Microsoft automation technologies. This comes from their massive security revamp and automation test technologies they have been using for several years now.

(As an example, this is how and why WP7 apps will be recompiled to be native WP8 bits on the same automation servers that do App screening.)

This doesn't make Microsoft' process fool proof, but in contrast to Google and Apple, it is many times more advanced just because the frameworks were DESIGNED for security screening.

andrewbares said,
LOL Microsoft's is just as bad as Apple's. Stop dreaming.

you really have no clue mate how well MS has made Windows 8 and the technologies not only in the OS, but the whole platform around it.

andrewbares said,
LOL Microsoft's is just as bad as Apple's. Stop dreaming.

I like google all the way. Since MS pushed Windows 8, u can't run games on it and that really pushes the game developers to stop making games on PC. lol

MS, you suck...

Kenny Kanashimi Chu said,

I like google all the way. Since MS pushed Windows 8, u can't run games on it and that really pushes the game developers to stop making games on PC. lol

MS, you suck...

So, why can't you run games on Windows 8? We haven't found a game yet that doesn't work properly...

Oh, you are talking Windows Phone 8...

Again, it has better game technology than Android or iOS, in fact it has better game technology than OS X and Linux. (Native code, DirectX, Direct3D - get it?)

I think you have NO IDEA what you are talking about whatsoever.

Adamb10 said,
Google needs to get their act together with the app store. It's ridiculous this kind of stuff gets on it.

No, this is called "open". This is what makes android great. Dont trade away your liberty for a false sense of security. Even Apples walled garden gets hit with malware.

Shea J said,

No, this is called "open". This is what makes android great. Dont trade away your liberty for a false sense of security. Even Apples walled garden gets hit with malware.

Once every 2 years, sure....

You can preach "liberty" all you want, but it has it's place, and a phone isn't it. I have my liberty on my PC where it's actually needed. I want my phone, which contains so many things personal to me, to be secure and restricted to what I need it to do as a phone, not to be a super computer that runs everything and anything "just because".

funkydude said,

Once every 2 years, sure....

You can preach "liberty" all you want, but it has it's place, and a phone isn't it. I have my liberty on my PC where it's actually needed. I want my phone, which contains so many things personal to me, to be secure and restricted to what I need it to do as a phone, not to be a super computer that runs everything and anything "just because".

And you never keep ANY personal data on your PC?

Javik said,

And you never keep ANY personal data on your PC?

Other than work files which are backed up, not really. At least no where near the same level. My phone has bank details, contacts, all their phone numbers, has the ability to call or text any number (including premium), saved logins in nearly every app, my location directly to my house!!, a camera facing me, etc. Much more personal, and much more room for abuse than the PC.

funkydude said,

Once every 2 years, sure....

I agree they don't find as much, but they've had several just in the last month, so not sure where you get once every two years.

funkydude said,

Other than work files which are backed up, not really. At least no where near the same level. My phone has bank details, contacts, all their phone numbers, has the ability to call or text any number (including premium), saved logins in nearly every app, my location directly to my house!!, a camera facing me, etc. Much more personal, and much more room for abuse than the PC.


^this
its a phone for Christ sake.

apk cannot install without activating 3rd party installation
the downloaded apk could not be installed if people we're more careful

got android here and while I would not blindly click on GTA Moscow ... I would question Google QA ... non - existent

even if they have 20 000 apps/day submission .... you would need 6 people with 100 virtual machines to detect crap app like dial outside # send weird text messages and other unwanted phenomena ... or am I a lunatic for thinking this?

zeta_immersion said,
got android here and while I would not blindly click on GTA Moscow ... I would question Google QA ... non - existent

even if they have 20 000 apps/day submission .... you would need 6 people with 100 virtual machines to detect crap app like dial outside # send weird text messages and other unwanted phenomena ... or am I a lunatic for thinking this?

At the very least they could use Symantec to scan their own crap app store.

Damn, that's brutal given what the name of the app was and knowing how many people would easily just up and click on those.