Virus invades Android Marketplace
Well-known apps re-written to contain malicious code
Over 50 applications available on the Android Marketplace have been discovered to contain a virus, according to the BBC. The malicious apps, copies of existing applications repackaged to contain virus code, may have been downloaded up to 200,000 times by unsuspecting users.
All of the apps that have been found to contain the virus, called DroidDream, have now been removed from the Android Marketplace.
The malicious apps were discovered by a Reddit user called Lompolo, who realised that one particular app was listed under a publisher who had not created it. The app, which allows users to play guitar on their phones, was a copy of the original app, but had malicious code buried within it.
Google reacted quickly to the information, removing the malicious apps from the Android Marketplace.
"On Tuesday evening, the Android team was made aware of a number of malicious applications published to Android Market. Within minutes of becoming aware, we identified and removed the malicious applications. The applications took advantage of known vulnerabilities which don't affect Android versions 2.2.2 or higher. For affected devices, we believe that the only information the attacker(s) were able to gather was device-specific [IMEI/IMSI, unique codes which are used to identify mobile devices and the version of Android running on your device]. But given the nature of the exploits, the attacker(s) could access other data, which is why we've taken a number of steps to protect those who downloaded a malicious application," said a statement written by Rich Cannings, Android Security Lead on Google's official blog.
Google removed the malicious applications from Android Market, suspended three associated developer accounts, and contacted law enforcement about the attack. Google is currently remotely removing the malicious applications from all affected devices, according to the blog post.
"We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices. If your device has been affected, you will receive an email from firstname.lastname@example.org over the next 72 hours. You will also receive a notification on your device that 'Android Market Security Tool March 2011' has been installed. You may also receive notification(s) on your device that an application has been removed. You are not required to take any action from there; the update will automatically undo the exploit. Within 24 hours of the exploit being undone, you will receive a second email," said Cannings.
Google is also working on measures to help prevent additional malicious applications using similar exploits from being distributed through Android.
According to Google, the latest version of Android, known as Gingerbread, is not vulnerable to the exploits DroidDream uses.