31 May

Remember DroidDream - one of the worst malware apps that we've seen since Android's inception? Well, it appears that the developer of said malware is back at it again, with a reported 25 infected apps (so far) found in the Android Market. Dubbed DroidDreamLight by the Lookout Security team, this infection is a stripped-down version of its predecessor. Make no mistake, though - that doesn't mean it's any less malicious.

This malware was actually found by a developer of one of the infected apps, when he noticed that a modified version of his own APK was being distributed in the Android Market. He reported this incident to Lookout, who then inspected the code and found that code associated with DroidDream had indeed been implanted into it. Upon further inspection, the Lookout Team discovered 24 more apps that were being redistributed with the DroidDreamLight code injected into them - infecting an estimated 30,000-120,000 users so far.

DroidDreamLight goes into action when an infected device receives an incoming call: it collects the IMEI, IMSI, model, SDK version, and information about installed packages, and uploads that information to remote servers, according to the Lookout Blog. DroidDreamLight does have the ability to download packages, but unlike its predecessor, it can't actually perform an update without the user acknowledging and approving the action.

Users of Lookout Mobile Security (free or light) are already protected from this infection, and you can rest assured that Google has already taken appropriate measures to prevent it from spreading any further - all of the apps in question have been removed from the Android Market until further investigation has been completed.

As far as the infected apps are concerned, here is the list provided by Lookout Mobile:

Magic Photo Studio

  • Sexy Girls: Hot Japanese
  • Sexy Legs
  • HOT Girls 4
  • Beauty Breasts
  • Sex Sound
  • Sex Sound: Japanese
  • HOT Girls 1
  • HOT Girls 2
  • HOT Girls 3

Mango Studio

  • Floating Image Free
  • System Monitor
  • Super Stopwatch and Timer
  • System Info Manager

E.T Team

  • Call End Vibrate

BeeGoo

  • Quick Photo Grid
  • Delete Contacts
  • Quick Uninstaller
  • Contact Master
  • Brightness Settings
  • Volume Manager
  • Super Photo Enhance
  • Super Color Flashlight
  • Paint Master

The Lookout Team went on to give some good advice on how to stay safe from malicious software:

  • Only download apps from trusted sources, such as reputable app markets. Remember to look at the developer name, reviews, and star ratings.
  • Always check the permissions an app requests. Use common sense to ensure that the permissions an app requests match the features the app provides.
  • Be alert for unusual behavior on your phone. This behavior could be a sign that your phone is infected. These behaviors may include unusual SMS or network activity.
  • Download a mobile security app for your phone that scans every app you download to ensure it’s safe. Lookout users automatically receive protection against this Trojan.
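One way to apply the permission check above to a decoded `AndroidManifest.xml`, as an added example that is not from Lookout or the original article: it flags an app that requests `READ_PHONE_STATE` outside its expected feature set, together with network access and a receiver for call-state broadcasts, the capabilities the behaviour described earlier would need. The sample manifest, package name and expected-permission list are constructed for illustration and are not taken from any infected app.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PHONE = "android.permission.READ_PHONE_STATE"
NET = "android.permission.INTERNET"

# Constructed sample: decoded manifest of a hypothetical stopwatch app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.stopwatch">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <application>
    <receiver android:name=".core.Receiver">
      <intent-filter>
        <action android:name="android.intent.action.PHONE_STATE"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def audit_manifest(xml_text, expected_permissions):
    """Return (unexpected permissions, findings) for a decoded manifest."""
    root = ET.fromstring(xml_text)
    requested = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    requested.discard(None)
    # Broadcast actions that wake the app's receivers.
    actions = {a.get(ANDROID_NS + "name")
               for r in root.iter("receiver") for a in r.iter("action")}
    unexpected = sorted(requested - set(expected_permissions))
    findings = []
    # Only raise findings when phone-state access is outside the app's features.
    if PHONE in unexpected:
        if NET in requested:
            findings.append("can read device identifiers and reach the network")
        if "android.intent.action.PHONE_STATE" in actions:
            findings.append("receiver runs on call-state changes")
    return unexpected, findings

if __name__ == "__main__":
    # Assumption: a stopwatch plausibly needs only VIBRATE.
    extra, notes = audit_manifest(SAMPLE_MANIFEST, {"android.permission.VIBRATE"})
    print("unexpected permissions:", extra)
    for note in notes:
        print("finding:", note)
```

An app whose features genuinely involve calls would list `READ_PHONE_STATE` in its expected set and produce no findings.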

      [Lookout Blog]

      Cameron Summerson
      Cameron is a self-made geek, Android enthusiast, horror movie fanatic, musician, and cyclist. When he's not pounding keys here at AP, you can find him spending time with his wife and kids, plucking away on the 6-string, spinning on the streets, or watching The Texas Chainsaw Massacre on repeat.

      • SlimDan22

        Wasn't the original droid dream sending information to Fremont, CA?

        I don't know what kind of cyber crime laws Cali has but if it is still sending info to Fremont, CA I would think someone would subpoena the IP address in question and find out who is behind it

        More than likely it is just a tunnel to another service provider, but you never know, the culprit could be based in the U.S.

      • jgalan14

        Again wow, seriously this news freaked out my non-geek friends last time, wanted to move to iOS.

      • sojophoto

        If you do not take the time to look at the ratings, the comments, or use common sense, this is what will happen. There is a certain risk inherent with anything you do on the Internet, but you need to use common sense and do your due diligence.

      • http://blog.firstdove.com Christian

        @jgalan14: In light of the recent news on the leaked Apple internal memo, that would have been a worse choice indeed.

        The news revealed the contents of an internal Apple memo which was leaked: customer-facing staff were instructed not to assist their customers in resolving a malware infection that has been popping up and troubling OSX users, as doing so would be admitting to its existence. In the memo, staff were told to neither "acknowledge" nor "deny" the existence of the malware. Indicating that the company may be intending to smoke their way through - pretend there's no such thing, but when confronted with evidence of the malware, claim innocence that they have never pretended to disregard it.

        See: http://www.macnn.com/articles/11/05/19/first.major.malware.attack.on.macs/

      • http://blog.firstdove.com Christian

        Apple's platforms have traditionally yielded a lower number of attacks due to their relatively lower market share (and not because they are magically "more secure" per se) and as such, are not as rich a target for the fulfillment of would-be malicious intent. With the rising popularity of iOS, (and hence by extension OSX, since users who want to develop for iOS are forced to buy an Apple computer - Apple has prohibited the development of iOS apps on competing OSes), the lure of attacking Apple OSes is set to rise.

      • koolkat

        I have had an app called Callend Vibrate on my phone for over a year. Mine is by conwood, not E.T Team as listed above. I also have Lookout Mobile Security, and it hasn't flagged this app. Is mine the malware one?

      • nym

        negative, ghost rider.

        • koolkat

          Thanks for the reply. Had me a bit worried there. Like the Top Gun quote.

      • nandroid

        oh noes, i better go buy an idrone before my android steals my car and molests my wife!
