Android Market: thousands affected as 26 new malware apps discovered

Over 100,000 Android users may have been affected by malicious apps, as 26 more malware programs have been identified on Google’s Android Market.

Lookout Mobile Security made the discovery over the weekend, and believes that the rogue software was likely created by the same persons who created the ‘DroidDream’ malware that was discovered in dozens of Android apps a couple of months back.

The security firm followed up tips from legitimate developers who had noticed that their apps were being redistributed with modified code, and subsequently discovered a new stripped-down version of the same DroidDream code, which they’ve since dubbed ‘Droid Dream Light’.

Lookout has already informed Google of its discoveries, which has resulted in the offending apps being withdrawn from the Market.

According to Lookout, once installed on a user’s device, the user doesn’t even have to open the apps for their device to be at risk; the code can be activated by an external triggering event, such as an incoming voice call, which then prompts the device to send data to a remote server, such as the IMEI number and information about installed programs.

Google may choose to activate its ‘app kill switch’ to remotely wipe the problem programs from users’ devices, but for now, check the list below to see whether or not you may have infected apps installed on your device, and visit Lookout for more information on how to deal with them.

The list of infected apps includes:

 Magic Photo Studio

  • Sexy Girls: Hot Japanese
  • Sexy Legs
  • HOT Girls 4
  • Beauty Breasts
  • Sex Sound
  • Sex Sound: Japanese
  • HOT Girls 1
  • HOT Girls 2
  • HOT Girls 3

Mango Studio

  • Floating Image Free
  • System Monitor
  • Super StopWatch and Timer
  • System Info Manager

E.T. Tean

  • Call End Vibrate

BeeGoo

  • Quick Photo Grid
  • Delete Contacts
  • Quick Uninstaller
  • Contact Master
  • Brightness Settings
  • Volume Manager
  • Super Photo Enhance
  • Super Color Flashlight
  • Paint Master

DroidPlus

  • Quick Cleaner
  • Super App Manager
  • Quick SMS Backup
Report a problem with article
Previous Story

Report: 19 percent of US adults have made Internet phone calls

Next Story

Apple launches iWork for iPhone and iPod Touch devices

27 Comments

Commenting is disabled on this article.

There's nothing more reassuring than seeing that the company that created the protection I have on my phone were the ones to pick on this. It reinforces the idea that they're doing their job and keeping me safe.

I couldn't help but smile at some of the application names though. Just from the name some of them sound completely unnecessary, so why would people download them?

negroplasty said,
Who the hell downloads apps as stupid looking as some of those... you almost deserve what you get lol

They deserved to get their informations stolen because they didn't know? Android is like Windows Mobile was, a techies dream because it's virtually limitless. However, unlike WinMo, Android has a lot of regular non-techie consumers who will easily fall victim to things like this, much like Windows users. This will be the downfall of Android in the consumer space if they don't get this kind of activity tightened up.

So, its basically the hormonal imbalanced kids and those who aren't careful enough to at least do a LITTLE reading about what the install. ._.

Android REALLY needs to do something about the barriers to the Google Market.

I can't believe people actually download those "Sex Sounds" and "HOT Girls" apps.
Unlike iOS, Android has Flash...

Aethec said,
I can't believe people actually download those "Sex Sounds" and "HOT Girls" apps.
Unlike iOS, Android has Flash...

Fancy seeing you here, Aethec. I know what you're hinting at.

SK[ said,]Overrated. Sure its nice. But other than BBC iPlayer flash would be uninstalled from my Desire.

Try it on a newer handset. While it works with older handsets it really comes into its element with current ones.

Riva said,
I thought linux couldnt catch viruses

Virus / Malware / bots /Trojans/ rootkit they are all software. Just bad software.

techbeck said,

Malware and viruses are different.

Really? I hope you are joking, next time add a smiley face or something.

Linux can get viruses, spyware, malware, rootkits, etc etc etc...

Android's kernel and Android's VJM are both highly insecure, especially the VJM and the direction Google has taken it after they purchased it.

thenetavenger said,

Really? I hope you are joking, next time add a smiley face or something.
.

Yes, I made a mistake...sue me and curb the sarcasm. Meant to say spyware.

I look forward to your next sarcastic response.

Eh, who cares. Googles kill switch will fix all non rooted users....rooted users will reflash or restore a backup if they have probs. Easy fix.

The problem with Android App permissions is that you need to accept all the permissions or you can't use the app, you can't pick and choose permissions to give it. If there was a Sandbox for permissions you don't want to give, you could test out the app to see if it is legit before giving it the actual permission it requests. Quite often apps ask for silly permissions (eg: Dial phone calls for a Flashlight app), when really it is part of the Advertising system in it which should be treated separately to the App itself.

Simon- said,
The problem with Android App permissions is that you need to accept all the permissions or you can't use the app, you can't pick and choose permissions to give it. If there was a Sandbox for permissions you don't want to give, you could test out the app to see if it is legit before giving it the actual permission it requests. Quite often apps ask for silly permissions (eg: Dial phone calls for a Flashlight app), when really it is part of the Advertising system in it which should be treated separately to the App itself.
Answer = Cyanogenmod
http://www.google.com/url?sa=t...lVofrsCR0FtFttg&cad=rja

Thats what happens when you download crap from the just in tab, i always only download things that have been around and proven themselves...it's a shame but its how it works...