More Android based malware files found

Users of Android based smartphones and tablets should continue to be aware of new malware threats that continue to pop up on the Android Market download service. Computerworld reports that two separate reports show that malware has been spotted that can infect Android-based devices, including a new version of a file that caused Android's owner Google to remove some files from the Android Market earlier this year.

One report comes from Lookout Security which found that four apps on the Android Market contained a variation of the malware known as DroidDream Light. This program "can prompt owners to download other apps from the market, bait users with a malicious URL or even automatically download more apps to the device." Google quickly removed the four infected apps from the Android Market on Friday. Lookout Security said that due in part to Google's quick actions the number of downloads of the malware from the Android Market was less than 5,000 files.

Earlier this week, another malware threat was discovered by Xuxian Jiang, an assistant professor in computer science at North Carolina State University. His blog site announced that he has discovered a new malware program called HippoSMS. While the malware was only found on illegal Chinese app stores rather than the main Android Market HippoSMS is still pretty nasty. According to the report the program makes an infected smartphone text a "premium" phone number where the revenues are taken in part by the malware's creators while also hiding its use by the smartphone owner.

Report a problem with article
Previous Story

Report: Google+ population could reach 20 million in a few days

Next Story

Yell and Microsoft announce advertising alliance

29 Comments

Commenting is disabled on this article.

Flaws in the software running those devices came to light after a German security agency warned that criminals could use them to steal confidential data off the devices. Apple, the world's largest technology company by market value, said Thursday that it is working on a fix that will be distributed in an upcoming software upgrade.

With the security hole, an attacker can get malicious software onto a device by tricking its owner into clicking an infected PDF file. Germany's Federal Office for Information Security called the flaws "critical weaknesses" in Apple's iOS operating system.

Gaara sama said,
Flaws in the software running those devices came to light after a German security agency warned that criminals could use them to steal confidential data off the devices. Apple, the world's largest technology company by market value, said Thursday that it is working on a fix that will be distributed in an upcoming software upgrade.

With the security hole, an attacker can get malicious software onto a device by tricking its owner into clicking an infected PDF file. Germany's Federal Office for Information Security called the flaws "critical weaknesses" in Apple's iOS operating system.

This hole has been around for quite some time. It is used to jailbreak the devices from their ownboard web-browser. Im pretty sure this is the 3rd revision of the PDF exploit. Of course outside jailbreaking anyone could install anything on your phone. Apple dont do OTA syncing so unless you manually find or sync apps with iTunes you're a bot now

It's amazing how many reports of malware are reported and found on android. If you get infected, it's your own fault. Android apps all come with a list of permissions before you install the app or any updates. So if you're lazy and don't read them, or you don't understand/agree with them, don't install them. Read reviews and look at the permissions apps want. Then decide.

It's like having a Windows Machine, MS patches holes monthly to their OS. Google, IMO has handled the few instances of rouge apps pretty well and remove them.

Sure, there's exploits within the browser, but so does Safari on iOS. Nothings perfect.

People just need to learn to read and use common sense. Sadly, this will never happen.

presence06 said,
It's amazing how many reports of malware are reported and found on android. If you get infected, it's your own fault. Android apps all come with a list of permissions before you install the app or any updates. So if you're lazy and don't read them, or you don't understand/agree with them, don't install them. Read reviews and look at the permissions apps want. Then decide.

It's like having a Windows Machine, MS patches holes monthly to their OS. Google, IMO has handled the few instances of rouge apps pretty well and remove them.

Sure, there's exploits within the browser, but so does Safari on iOS. Nothings perfect.

People just need to learn to read and use common sense. Sadly, this will never happen.

+1. Android really is the Windows of the smartphone world.

presence06 said,
It's amazing how many reports of malware are reported and found on android. If you get infected, it's your own fault. Android apps all come with a list of permissions before you install the app or any updates. So if you're lazy and don't read them, or you don't understand/agree with them, don't install them. Read reviews and look at the permissions apps want. Then decide.

It's like having a Windows Machine, MS patches holes monthly to their OS. Google, IMO has handled the few instances of rouge apps pretty well and remove them.

Sure, there's exploits within the browser, but so does Safari on iOS. Nothings perfect.

People just need to learn to read and use common sense. Sadly, this will never happen.

The permissions are just obscure and not always is it obvious to determine why an app requires certain permissions. So I wouldnt blame it on the user. The whole permissions thing sounds like a save-face thing, rather than being useful. Advanced users should be allowed to revoke certain permissions to apps while still allowing to install and run those apps

Hurricane Andrew said,
In other news, people who walk alone down dark alleys in New York are more likely to be mugged...

I live in NYC and you have no idea what you are talking about. It happens in well lit areas as well.

Hurricane Andrew said,
In other news, people who walk alone down dark alleys in New York are more likely to be mugged...

You should be demanding Google scan every app for malware instead of trying to brush this off on the user.

wvu212 said,

You should be demanding Google scan every app for malware instead of trying to brush this off on the user.

They do run virus scans over all submitted apps. I guess these are the few that slip through.

Why do most of these reports fail to name each infected app that was supposedly removed from the market by google? I want names!!!
On the other hand, most of the times it's crappy apps that no self-respecting geek would ever remotely install.

Julius Caro said,
Why do most of these reports fail to name each infected app that was supposedly removed from the market by google? I want names!!!
On the other hand, most of the times it's crappy apps that no self-respecting geek would ever remotely install.

..from illegal warez stores/markets..

Julius Caro said,
Why do most of these reports fail to name each infected app that was supposedly removed from the market by google? I want names!!!
On the other hand, most of the times it's crappy apps that no self-respecting geek would ever remotely install.

Here is the list of the new known malware infested apps

Quick FallDown
Scientific Calculator
Bubble Buster
Best Compass & Leveler Note: There is legitimate application that has a package name similar to that of Best Compass & Leveler. The Trojanized application capitalizes the package name (i.e. com.gb.CompassLeveler), while the legitimate application does not (i.e. com.gb.compassleveler).

Ruciz said,

..from illegal warez stores/markets..

Mostly. I've uninstalled that garbage from so many of my friends phones. I told them the risks they run into and have sent them links to stories like this.

UndergroundWire said,

Mostly. I've uninstalled that garbage from so many of my friends phones. I told them the risks they run into and have sent them links to stories like this.

Yet I'll bet this doesn't stop some of them from still doing it.... God knows how many times I've warned people not to browse dodgy sites or download browser plugins etc but they still do and then continue to deny it...

Funny how people say that Linux can't get viruses. Isn't Android Linux? This just proves that you're never safe, no matter what platform you use.

PlogCF said,
Funny how people say that Linux can't get viruses. Isn't Android Linux? This just proves that you're never safe, no matter what platform you use.

Its really just the fact that if you know how to use Linux then your probably smart enough not to download malware/viruses. Pros like myself know when clicking 1 link is 1 link too many. Its like a 6th sense.

PlogCF said,
Funny how people say that Linux can't get viruses. Isn't Android Linux? This just proves that you're never safe, no matter what platform you use.

actually its devik VM running on a linux kernel. The programs are pre-compiled for this VM, which contain the malware. If you use linux as it was supposed to, and verify and run from source, you won't get viruses.

Running ANY pre-compiled program on any OS can result in malware/viruses or other

Rusty.Metal said,
Its really just the fact that if you know how to use Linux then your probably smart enough not to download malware/viruses.

Kind of goes against the whole "making Linux friendly for everybody" thing I keep reading about. Besides, it's not that it's immune, it's just that the malware authors don't care. There's no money in it. Make money off of a popular phone or target a fringe minority that works under the assumption that anything and everything must be free? Not a hard choice.

PlogCF said,
Funny how people say that Linux can't get viruses. Isn't Android Linux? This just proves that you're never safe, no matter what platform you use.

That's what I keep saying. If Apple had more market shares today than Windows, Apple would have to worry about viruses as well.

It used to be (before Verizon) that nerds had Android phones. Now everyone has one. The Android Market is not restricted and you can download any garbage out there. People need to be careful.

Max Norris said,
Besides, it's not that it's immune, it's just that the malware authors don't care. There's no money in it.
Also, most Linux users outside of Android are much more tech-savvy and know what the hell they're doing. They are a lot less likely to wind up with a virus on their system than the average user of Windows or Mac OS.

Ruciz said,
If you use linux as it was supposed to, and verify and run from source, you won't get viruses.

Wow, you're so smart. Please show me how you "verify and run from source". A video would be helpful.

UndergroundWire said,
That's what I keep saying. If Apple had more market shares today than Windows, Apple would have to worry about viruses as well.

People tend to forget that Apple still is marginalized when it comes to market share, simply because "everybody has an iphone"

Ruciz said,

actually its devik VM running on a linux kernel. The programs are pre-compiled for this VM, which contain the malware. If you use linux as it was supposed to, and verify and run from source, you won't get viruses.

Running ANY pre-compiled program on any OS can result in malware/viruses or other


if you verify sources for windows, you wont get a virus either. 99,99% of virus infections are because of the user, not a faulty OS.