Google cleans the Android market

Several applications at the Android market were found to contain some sort of Malware code which gave the pirates ROOT access to the phone as well as detailed information like the IMEI number. Some of the malware even created backdoors for an easier access to the system.

Banned from the Market

Last week three software developers was banned from the Android market. The users that went under the name “Myournet”, “Kingmall2010” and “we20090202” was banned from the market for releasing applications that contained a malware code called DroidDream. As of today over fifthy applications has been found containg this kind of source code.

What does the DroidDream do?

When the bad source code was found, the Android Police took action and started to analyze the application. The DroidDream’s mission was found to Root the infected device, collect sensitive device info like IMEI (International Mobile Equipment Identity) and IMSI (International Mobile Subscriber Identity) and send these to a remote server. The DroidDream also contained a hidden .APK file (When an app is downloaded from the market, it is the <appname>.apk file that is recieved and installed on the device. It’s like the “setup.exe” file on Microsoft Windows systems that is used to install softwares). This hidden .APK file was later on installed by the malware code and was used to collect even more sensitive information. 

The list

The list of applications containg the DroidDream malware has been provided by “Lookout Inc.” which is known for Android mobile security systems. It is highly recomended that any of the following applications listed below are removed from the device ASAP. In worst case, have the device formated and reinstalled. In some cases it’s possible to download and install the “DroidDream Cleaner” application provided by Lookout Inc. from the market. To keep the Android device safe, Nordic-Vikings.net highly recommend that you install the “Lookout Mobile Security” application which is avalible at the Android market.

Full list of infected applications published by “Myournet”:

  • Falling Down
  • Super Guitar Solo
  • Super History Eraser
  • Photo Editor
  • Super Ringtone Maker
  • Super Sex Positions
  • Hot Sexy Videos
  • Chess
  • 下坠滚球_Falldown
  • Hilton Sex Sound
  • Screaming Sexy Japanese Girls
  • Falling Ball Dodge
  • Scientific Calculator
  • Dice Roller
  • 躲避弹球
  • Advanced Currency Converter
  • App Uninstaller
  • 几何战机_PewPew
  • Funny Paint
  • Spider Man
  • 蜘蛛侠

 

Full list of infected applications published by “Kingmall2010″:

  • Bowling Time
  • Advanced Barcode Scanner
  • Supre Bluetooth Transfer
  • Task Killer Pro
  • Music Box
  • Sexy Girls: Japanese
  • Sexy Legs
  • Advanced File Manager
  • Magic Strobe Light
  • 致命绝色美腿
  • 墨水坦克Panzer Panic
  • 裸奔先生Mr. Runner
  • 软件强力卸载
  • Advanced App to SD
  • Super Stopwatch & Timer
  • Advanced Compass Leveler
  • Best password safe
  • 掷骰子
  • 多彩绘画

Full list of infected apps under the developer name “we20090202″:

  • Finger Race
  • Piano
  • Bubble Shoot
  • Advanced Sound Manager
  • Magic Hypnotic Spiral
  • Funny Face
  • Color Blindness Test
  • Tie a Tie
  • Quick Notes
  • Basketball Shot Now
  • Quick Delete Contacts
  • Omok Five in a Row
  • Super Sexy Ringtones
  • 大家来找茬
  • 桌上曲棍球
  • 投篮高手

(myLookout.com 2011)

Google takes action

Lookout Inc. has reported the event to Google which is the owner of Android, and Google took action!

Google inspected the problem and quickly removed the applications from the market. But google did more. As some people have great understanding of how computer systems works, many of us just know how to use it. Due to this, google fixed the problem for us. Google started to remotely access many of the devices that had been using any of the listed applications, and removed the application from the users system. Then a security patch was installed to clean the device of any other threats. Since not all the users were online during the removal campain, the affected users have recieved a notice in their google mail account.

Good work Google!

The work Google did to help their customers was highly appreciated, and shows us that they care for their users.

But it’s kind of interesting that Google already has a remote/backdoor feature to our devices..

 

 

© 2011 Nordic Vikings

Leave a Reply