Saturday, August 20, 2011

Google pulls out malicious apps from Android Market

Google has removed at least 10 applications from its Android Market after it detected malicious code in the guise of add ons to one of its popular apps. Most of the infected apps posed as add ons or cheats to Angry Birds, a popular mobile applications developed by Rovio. The apps were spotted and reported by Xuxian Jiang, an assistant professor of computer science at North Carolina State University. According to Jiang, several apps included a stealthy spyware called as Plankton.
Plankton works like a parasite: latching onto its host applications as a background service which has no affect on that apps intended purpose. When a user runs an infected application on their Android phone, Plankton collects information such as the device ID and list of granted permissions and sends them via HTTP POST message to a remote update server, the NC State researchers found.
That remote server returns a URL pointing to an executable file for the device to download. Once downloaded, the jar file is dynamically loaded. In this way, the payload evades static analysis and is difficult to detect.
Analysis of the payload shows that the virus does not provide root exploits, but supports a number of bot-related commands. One interesting function is that the virus can be used collect information on users’ accounts.
The spyware reportedly uploads data such as browser bookmarks and browser history by connecting to the remote server.
A new malware called DroidKungFu was also detected.
In Android versions 2.2 (Froyo) and earlier,DroidKungFu takes advantage of two vulnerabilities in the platform software to install a backdoor that gives hackers full control of your phone. Not only do they have access to all of your user data, but they can turn your phone into a bot – and basically make your smartphone do anything they want.
According to reports, the malware is already being circulated outside the Android market. It is said that the high end malware is capable of bypassing anti-virus and installs itself in backdoor allowing hackers to take the control of the device.
This is just the latest in a series of apps being removed from the Android Market. Google recently pulled out more than two dozen apps from the Android Market over malware infection. In early March, Google was compelled to remotely delete apps from users' phones due to malware called as DroidDream. The search engine giant also issued a security update to rectify the malady.
Android Market is pretty popular among developers as here they get ample freedom which is not available at any other retail outlets. Contrary to Apple's iPhone, Android Market publishes the apps almost instantaneously. There are hundreds of free apps that are downloaded and installed daily. This freedom has certainly made the Android Market popular. But the popularity comes at cost like these vulnerabilities. Google does not monitor the apps that are launched in the Android Market but responds only to complaints.
View more articles from: Internet

No comments: