March 2, 2011 | by Lars Aronsson
We’ve heard various reports of malevolent apps in the Market over the last couple of years, but the malware in question has rarely posed any real threat and few users have been affected. This particular piece of malicious code, however, seems to have been unusually cunning and insidious.
Apparently, someone stole 21 well-received apps, infused them with root exploits and then republished the applications in the Market under different names. In just four days, the hijacked apps were downloaded between 50 000 – 200 000 times.
Lompolo who discovered the threat says he accidentally came across one of these applications and noticed that it had the wrong publisher. He downloaded the app, extracted its .APK and made the conclusion that it contained the so called “rageagainstthecage” root exploit.
Android Police did some further investigation and the 21 apps were designed to steal IMEI and IMSI numbers, and they even had another .APK inside the code that grabbed all info it could, such as country, model, language and so forth. But that’s not all; the app inside the app apparently had the ability to download more code, so who knows what it could have been up to?
All phones running Android 2.2.2 and above have luckily not been vulnerable to the attack, and just five minutes after Google was notified of the malware by AP, the apps were pulled from the Market. Google even used Android’s kill-switch feature to remotely remove the apps from user’s phones. The bad news is that there are still a lot of devices running older versions of Android, and even if the apps have been uninstalled, any code that came in through the backdoor may still be there.
What do you think Google needs to do in order to prevent this from happening again?
These were the malicious apps by publisher Myournet:
- Falling Down
- Super Guitar Solo
- Super History Eraser
- Photo Editor
- Super Ringtone Maker
- Super Sex Positions
- Hot Sexy Videos
- Hilton Sex Sound
- Screaming Sexy Japanese Girls
- Falling Ball Dodge
- Scientific Calculator
- Dice Roller
- Advanced Currency Converter
- App Uninstaller
- Funny Paint
- Spider Man
Via [Android Police]