For Android users, the refrain must be getting a little tiresome: Researchers have found another batch of apps in the Android Market that were infected with malware. Once again, it was the DroidDream malware family causing the trouble, but this time, it was just a handful of apps and they were only in the market for a little while.
This is the third known incident in which a variant of DroidDream has been found in a group of infected apps in the Android Market. And it’s the second warning in two days for Android users about malware-infected apps. Just yesterday, researchers at NC State University identified a new SMS Trojan that was in Android apps in unofficial markets in China. Now comes the news of a strain of DroidDream infecting four apps in the Android Market.
Researchers at Lookout found that the apps contained a version of the malware known as DroidDream Light, which is the same variant that was found in a batch of apps in June, as well. They estimate that the malware-loaded apps only were downloaded by fewer than 5,000 users before Google removed them.
“Four applications in the Android Market published by a developer
named “Mobnet” were found to contain malware that is nearly identical to
DroidDream Light. Though our analysis is still underway, these applications are likely published by the same author as the original DroidDream malware. Similar to the first samples of DroidDream Light found, these samples
are not reliant on the manual launch of the infected application to
start,” the researchers wrote.
The affected apps are Scientific Calculator, Quick FallDown, Bubble Buster and Quick Compass and Leveler. The infected compass app has a name that’s very similar to a legitimate app, the researchers said, with the difference being that the infected one uses capital letters in the name.
The version of DroidDream Light found in these four apps has a variety of remote-control and other capabilities, including the ability to download other apps and display prompts on the notification bar on the phone’s screen, directing the user to a URL, which is likely malicious. DroidDream Light also can download a new APK for the infected app, and then download an updated version of the malware.
As malware authors have focused more and more on mobile devices, Android has emerged as their preferred platform for mischief. The platform’s open architecture and the ease of getting apps into the official Android Market have made it a prime target for attackers in recent months. The Apple iPhone so far has been spared most of this unwanted attention from malware authors.