Android market apps, virus


The deadly apps were simply copies of existing programs which had malware DroidDream found in them, and have been taken off the site now and recalled.DroidDream fires sensitive data, such as a phone’s unique ID number, to a remote server.In addition the malware will check if the phone has been infected already. If it hasn’t the program bypasses security controls and hands its creator access to the handset.This means that the user can access information, including passwords for other personal things.
A Reddit user first noticed the problem after one program, which teaches people how to play a guitar on their mobile handset – was titled under the name of a publisher who didn’t write it.Lompolo discovered that the application was a carbon-copy of the original, however it had a name change and virus code added to is.The user had worked out that the corrupted application had been downloaded between 50,000 and 200,000 times after they were placed on the Marketplace.First of all Lompolo discovered 21 apps with the virus code – the final figure is thought to be twice as many, however, and they are still available on unofficial sites. This bestows the ability to install any code on a phone or steal any information from it.The latest version of the Android operating system, known as Gingerbread, is not vulnerable to the exploits DroidDream uses.Google has suspended three accounts being used by the developer of the apps. And the company is yet to issue a formal statement about the infected applications while it completes an investigation.This is the problem with open source. If you publish the source code for your app, anyone else can copy it and pass it off as something else. If the source code was something only the author had access to (as is the case with most commercial software), this could never happen. If Android has terms and conditions that require the source code to be published, then this could be their undoing: Having access to source code might make the hippies at the FSF happy, but most users will not care if it means saying goodbye to their privacy or security.Can’t resist a challeng Iron man. I love you fandroids, every bit of bad news is either ignored, made to look insignificant or attack their arch enemy Apple as the classic act of deflection. They always do this. These posts are typical of tech web posts of fandroids. This would NEVER happen on the Apple App Store, it has never, although the fandroids are so delusional that they think its a common occurrence across all platforms because it happens on their all the time. Keep your cheap plastic garbage, beg your manufacturer/carrier to please give you an OS update. Wet your self with your spec sheets, although you still wonder how come if its more powerful than iOS devices, the UI is choppy and its so difficult to use the damn thing (unless you are a tech geek). Look at the Motorolla exhume, it has this & that & it has Flash and its 4G. We will ship it, hang on, forgot to add Flash, hang on 4G is not even out there yet, but send in your exhumes and we will update it for you.Well done android you have officially played into apple’s hands! With all the reasons for apple closing off their software, this incident will be used as their justification. To be fair it would be hard to argue against. Even though some apple products are a straight rip off (ipad springs to mind) in terms of price to spec, if i did buy one i’d be safe in the knowledge it would not hacked and my details stolen- (so they say, but if anyone wants to enlighten me otherwise feel free). It’s shame this story will cause people like – “Mike, Melbourne, Australia”, to call other people morons and idiots etc and project his extremist pro-apple views while at the same time be offended when someone airs any view positve view on the competition, when in reality all we want is balanced view of pros and cons without fanboys of both sides ruining

The general thougth that virus writers only bother to go after the PC has been shattered once and for all, as it was found that 21 rogue apps with viruses embedded were available on the Android Market.The attack was discovered when Reddit user Lompolo discovered that 21 legitimate apps had been download, infected and uploaded under another name.”I just randomly stumbled into one of the apps, recognized it and noticed that the publisher wasn’t who it was supposed to be,” wrote Lompolo. “Super Guitar Solo for example is originally Guitar Solo Lite. I downloaded two of the apps and extracted the APK’s, they both contain what seems to be the ‘rageagainstthecage’ root exploit – binary contains string ‘CVE-2010-EASY Android local root exploit (C) 2010 by 743C’. Don’t know what the apps actually do, but can’t be good.”It was discovered after this that the rogue apps contained the DroidDream virus. This checks if your handset has been infected or not; if it hasn’t it runs known exploits to get full control.
Once in place, DroidDream collects personal data, including the handset’s ID, which is sent back to the virus writer. Potentially more devastating is that the virus lets the hacker upload more malicious code at will.
With a suspected 200,000 downloads of the rogue apps downloaded, that’s a lot of insecure handsets out there. However, it’s not thought that any of the upload features of the DroidDream virus have been used as of yet.
Google has responded to the threat and pulled all of the rogue apps and banned the publisher, Myournet, from the Market. More than 30 more infected apps have also been found since, bringing the total to over 50.
Android 2.3 (Gingerbread) users are immune to the DroidDream virus, but as that’s a minority of handsets, the majority of Android users are at risk. If you think that your handset could have been infected Android Police has a full list of infected apps. A removal tool is also being worked on.
The attack exploits the open nature of the Google Market, where apps can be updated and published instantly without having to go through any moderation process. There’s also no easy method to report suspect apps. Sounds like it’s time for Google to review its security policy on the Market, while the rest of us should take handset security a lot more seriously

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>