Security Update: Google Removes Malicious Market Apps

Security Update: Google Removes Malicious Market Apps

Mar 7, 2011

Last Tuesday Google’s Android team was informed of possible malicious applications published to the Android Market. These applications were found to contain a new type of Android malware called DroidDream. Using a root exploit and a hidden apk these applications were able to extract a multitude of information from infected devices. According to Lookout Mobile Security, over 50 applications were infected with DroidDream and were distributed via three separate publishers. These publishers used pirated versions of legitimate apps to infect over 200,000 users.

Thanks to some connected people and quick action, the infected apps have since been removed. An official response highlighting security concerns and actions taken was posted today on Google’s Mobile Blog:

  • We removed the malicious applications from Android Market, suspended the associated developer accounts, and contacted law enforcement about the attack.
  • We are remotely removing the malicious applications from affected devices. This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications.
  • We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices. If your device has been affected, you will receive an email from android-market-support@google.com over the next 72 hours. You will also receive a notification on your device that “Android Market Security Tool March 2011” has been installed. You may also receive notification(s) on your device that an application has been removed. You are not required to take any action from there; the update will automatically undo the exploit. Within 24 hours of the exploit being undone, you will receive a second email.
  • We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues.

Much criticism has surrounded the Android Market and its security which sadly turns into a finger pointing game. While Google and the Android team manages to patch such vulnerabilities and release them via updates, carriers and manufactures don’t always play along. This results in an unnecessarily high number of vulnerable devices. We could also turn the tables and ask why these malicious and clearly pirated apps were ever even allowed in the Market in the first place. Thankfully Google and the Android team wasted no time worrying about who to blame and simply took corrective action. Too little, too late? Maybe. Better late than never? Absolutely!

One thing we can count on is the Android community and they really are the ones we should be thanking. Specifically lompolo for being one of the first to discover the malicious apps and also Android Police for following up with the story. Within minutes of discovery, the Android community managed to provide information, get the apps removed, inform users and provide various solutions. Now that’s what I call community action!

Although these apps have already been removed from the Android Market, here is a list of the various apps and publishers infected with DroidDream:

Full list of infected applications published by “Myournet”:

Falling Down
Super Guitar Solo
Super History Eraser
Photo Editor
Super Ringtone Maker
Super Sex Positions
Hot Sexy Videos
Chess
下坠滚球_Falldown
Hilton Sex Sound
Screaming Sexy Japanese Girls
Falling Ball Dodge
Scientific Calculator
Dice Roller
躲避弹球
Advanced Currency Converter
App Uninstaller
几何战机_PewPew
Funny Paint
Spider Man
蜘蛛侠

Full list of infected applications published by “Kingmall2010″:

Bowling Time
Advanced Barcode Scanner
Supre Bluetooth Transfer
Task Killer Pro
Music Box
Sexy Girls: Japanese
Sexy Legs
Advanced File Manager
Magic Strobe Light
致命绝色美腿
墨水坦克Panzer Panic
裸奔先生Mr. Runner
软件强力卸载
Advanced App to SD
Super Stopwatch & Timer
Advanced Compass Leveler
Best password safe
掷骰子
多彩绘画

Full list of infected apps under the developer name “we20090202″:

Finger Race
Piano
Bubble Shoot
Advanced Sound Manager
Magic Hypnotic Spiral
Funny Face
Color Blindness Test
Tie a Tie
Quick Notes
Basketball Shot Now
Quick Delete Contacts
Omok Five in a Row
Super Sexy Ringtones
大家来找茬
桌上曲棍球
投篮高手

The most important question now for those who were unlucky enough to have downloaded any of the infected apps: “What do I do now?” Unfortunately, even though Google has removed these apps from the market and your phone, you will still need to do a complete wipe of your device. I’m sure that’s not what you wanted to hear but for now that’s the only solution I have heard of to ensure removal.

Sources: Android Police, Lookout Mobile Security, Google Mobile Blog

Vincent Messina
Self made billionaire, inventor of the Large Hadron Collider and owner of the New England Patriots soon found life quite boring. This kid at heart decided to trade it all to become the worlds first fun loving father, writer, musician with an ever growing obsession for little green robots.
Connect with Vincent Messina // email // www