News

Google tosses malicious Android apps from Android Market

Robert Westervelt, News Director

Google has taken action to delete more than a dozen cloned applications hosted on its Android Market after they were found to be malicious, racking up expensive text messaging charges on owners smartphones.

    Requires Free Membership to View

We’ve already seen it done in the Android Market and we’re bound to see it happen on other platforms.

Roger Thompson, emerging threats researcher, Verizon ICSA Labs.

A developer created cloned copies of about a dozen popular gaming apps, including Angry Birds, Cut the Rope and Assassin’s Creed Revelations, according to a blog post published Monday by U.K.-based security vendor Sophos. The malicious Android apps were uploaded Sunday and were taken down by Google Android Market staff early Monday.

“Google's reaction has been quick, but not quick enough -- at least ten thousand users downloaded one of the malicious apps from the list,” wrote Vanja Svajcer, a principal virus researcher in the SophosLabs Naked Security Blog.

Users who installed the cloned games were warned that the application had access to the device’s SMS text messaging capabilities. The application developer also disclosed via the terms of service that users would receive premium text messaging charges.

Experts have been warning about the rise in malicious mobile applications that take advantage of device services to steal data, secretly send premium rate text messages or other nefarious activities. Roger Thompson, emerging threats researcher at Verizon’s security testing division, ICSA Labs, said it’s very likely that more applications will attempt to tap into device processes to gain access to the sensitive data of smartphone owners.

“We’ve already seen it done in the Android Market and we’re bound to see it happen on other platforms,” Thompson said in an interview with SearchSecurity.com.  “This is the method mobile attackers are likely to take.”

Rather than traditional desktop malware, “Trojanized” applications could initially cause trouble to individual owners and ultimately be a problem for enterprises, Thompson said. Attackers could steal account credentials and use them against corporate networks or they can tap into freely available information – data found on Facebook and other social networks – to conduct targeted social engineering attacks against employees, he said.

In March, Google removed more than 50 applications that contained a hidden Trojan called DroidDream. The search engine giant said it was building more safeguards into its Android Market to prevent hidden malware in applications. A second variant of DroidDream surfaced in July, infecting up to 5,000 people who downloaded the malicious applications. DroidDream gives cybercriminals the ability to break out of Android’s built-in application security sandbox feature.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: