Wow - from our perspective, it's almost like the world exploded overnight. We have more information and details on the virus - which Lookout has named "DroidDream" (the word was consistently used in package names by the malware developers) - and some updates on where things stand.
First, we're absolutely amazed at how quickly Google reacted. As mentioned last night, our own Justin Case pinged a contact and the apps were pulled from the market within minutes. That's quite impressive, but then again, one of the developers whose app had been copied had been trying to get Goog on the job for just over a week. On the one hand, Google was quick to react to our hacker. On the other, they were slow to react to a developer, who should really be made the priority of the two. Either way, they pulled the app in question, and this is definitely one of those times that it's better late than never.
Google wasn't the only one on the ball: we were contacted late last night/early this morning by Symantec, Samsung, and Lookout. As the apps had already been pulled from the Market, they were looking to get their hands on the code - obviously, we obliged. Lookout has already updated their app to identify DroidDream and protect their users. However, the apps are now effectively nuked, and it's unlikely the hackers will attempt to use the same code again, so the update may have come too late to ever be useful.
Now, on to some more details of the virus. We should point out that this vulnerability was patched with Gingerbread, meaning any device running Android 2.3+ should be fine. In other words, if you're looking to play the blame game (which I'm not, but having read all the comments on the original post, many people are), then there's plenty to go around. The hole was fixed by Google, but it's relatively useless since many phones aren't yet running a version of Android that is protected. It's noteworthy that some manufacturers released updates that patched the exploit for devices without updating to Gingerbread; unfortunately, it appears that minority is quite a small one.
Perhaps most important is the question of what infected users can do about their situation, but it seems the answer is "not much of anything." Because the virus opens up a backdoor and can bring in new code at any time, the only way to really rid an infected device of any damage is to completely wipe it - not exactly the optimal solution, but it looks like the only one available, at least for now.
Finally, Justin notes that ROM developers working with pre-Gingerbread versions of Android can prevent the virus from backdooring in code by putting a dummy file at /system/bin/profile.
Update: XDA to the rescue. XDA Member Rodderik has come up with a ZIP file that does just what Justin suggested, and creates a dummy file at /system/bin/profile. For details and a download link, head on over here.
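For ROM developers who want to script the dummy-file step and audit it afterwards, here is an added example (not Justin's code and not the contents of the XDA ZIP). The `ROOT` argument and both function names are hypothetical, and treating a non-empty file or symlink at that path as something to inspect is this example's assumption, not a claim from the post.

```shell
#!/bin/sh
# Added example: place or audit the dummy file at /system/bin/profile.
# ROOT (hypothetical parameter) is the directory holding system/bin:
# "/" on a device (root shell, /system remounted read-write) or a
# scratch directory when testing on a workstation.

# Prints one of: absent, placeholder, unexpected
profile_state() {
    f="${1%/}/system/bin/profile"
    if [ ! -e "$f" ] && [ ! -L "$f" ]; then
        echo absent
    elif [ -f "$f" ] && [ ! -L "$f" ] && [ ! -s "$f" ]; then
        echo placeholder          # empty regular file: the dummy is in place
    else
        echo unexpected           # non-empty file, symlink, directory, ...
    fi
}

# Creates the dummy only when nothing is there; never overwrites.
# Returns 0 when the placeholder is in place, 1 when the existing entry
# needs manual review (assumption: keep it for inspection), 2 on write failure.
ensure_placeholder() {
    root="${1%/}"
    case "$(profile_state "$root")" in
        placeholder)
            return 0 ;;
        unexpected)
            echo "review: $root/system/bin/profile is not an empty regular file" >&2
            return 1 ;;
    esac
    : > "$root/system/bin/profile" || return 2
    [ "$(profile_state "$root")" = placeholder ]
}

# Stand-alone use: sh profile_guard.sh /   (script name is hypothetical)
if [ "$#" -gt 0 ]; then
    ensure_placeholder "$1"
fi
```

Because the function refuses to overwrite anything already at that path, a return code of 1 leaves the existing file untouched for inspection before the device is wiped.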