Google pulls 21 Android malware apps with Trojan rootkit, over 50,000 users infected
Thanks to a tip-off by a redditor, and some investigation by Android Police, Google has pulled 21 Android Market apps that were infected with a backdoor Trojan rootkit. If you downloaded any of the infected apps, they will be automatically deleted from your phone.

The attack vector was ingenious, and plays on the Android Market's biggest weakness: the almost complete absence of app moderation. The nefarious developer crafted 21 apps that share the name of legitimate apps (such as 'Chess'), and into each of them he inserted some Trojan code. The apps then quietly report your sensitive data back to a remote server, while you play with your free app.
According to Android Police, the apps include a feature that automatically roots the phone (using the well-known rageagainstthecage rooting tool), which allows it to download and execute arbitrary code. Even though Google has pulled the infected apps, these downloaded bits of code could still remain on over 50,000 infected devices. If you think you might be infected, you might want to perform a factory reset.
The scary thing is, there's nothing to stop the same app publisher from creating more malware-infected apps in the future, perhaps with the grander plan of creating a botnet. That's the problem with unmoderated ecosystems like the Android Market: you have to take the good with the bad, whether you like it or not. It's a bit like the Wild West in that regard.
Comments
5
motang Mar 2nd 2011 11:24AM
I just got a horrible thought, Google is like MS of phone/tablet OS market! :-/
Batman Mar 2nd 2011 12:08PM
@motang
Want another thought?
Android = Windows Mobile
Do yourself a favor and buy a Windows Phone instead.
Roguetrekkie Mar 2nd 2011 2:08PM
When these infected apps were removed from phones, was there a message left on the phone informing the owner that the phone was compromised and that further steps should be taken? And what good is a factory reset when it doesn't replace system apps that could be infected? What if we could call our provider and request an OTA OS replacement for our current version? They might frown on it, but I'm glad I know how to find a full SBF and flash my phone to remove any possible chance of infection! Droidx .340 unaltered!
Sebastian Anthony Mar 2nd 2011 6:51PM
@Roguetrekkie Nope, I doubt a message was given to the users who might be compromised.
Your carrier might take the phone and clean it 'properly' (though I don't know if they can do more than a factory reset!) -- or maybe you can get a full refund. I don't know.
Worth a shot though!
SilverWave Mar 3rd 2011 11:33PM
Hmm I wonder why they don't run a certified by Google programme and charge the devs for it?
Oh and scan all the apps automatically?