March 3, 2011

Virus Found In Some Android Market Apps

More than a dozen apps sold on Google's Android Market were recently found to be hiding malicious code that could hijack user information. This security breach, found on Wednesday, raises serious questions about the safety of the Android Market.

A Reddit user, going by the name Lompolo, discovered the virus-laden apps when he realized that one program was listed under the name of a publisher he knew had not written it, BBC News reports.

Lompolo found that the guitar-simulating app was the same as the original except for a name change and virus code buried within it. Lompolo claims the rogue apps had been downloaded between 50,000 and 200,000 times since they were placed on the Marketplace.

Twenty-one apps were originally found by Lompolo to carry the hacking code. An investigation by mobile security site Android Police, however, found the number to be more than 50. These applications are also available on secondary Android app stores.

The hacking code is activated when a user operates the shell application. As the program runs, the virus, known as DroidDream, sends sensitive data, such as a phone's unique ID number, to a remote server. It is also able to see if a phone has already been infected and, if not, bypasses security controls and gives its creator access to the handset. This allows the hacker to install any code on a phone or steal any information from it.

Google makes its "open" platform a major selling point, meaning Google doesn't hand-pick the apps that will be sold for phones running its operating system. Apple, by comparison, scrutinizes each app for code that it does not like and approves apps individually.

Graham Cluley, a senior technology consultant at the security firm Sophos, tells CNN, "Apple has, by and large, run a very tight ship with the iPhone and it hasn't made it easy to get malicious software into the App Store."

Google has the ability to recall and uninstall such applications from phones but is not believed to have done this yet as it continues its investigation.

Rik Ferguson, writing on the Trend Micro security blog, pointed out that remote removal of the booby-trapped apps may not solve all the security problems they pose. "...this remote kill switch will not remove any other code that may have been dropped onto the device as a result of the initial infection," he wrote, and advised anyone who believed they had installed one of the malicious apps to find out whether they need to get a new handset or re-install the operating system on the device they have.

Ferguson warns about the open nature of the Android platform. "This greater openness of the developer environment has been argued to foster an atmosphere of creativity," he wrote, "but as Facebook has already discovered it is also a very attractive criminal playground."

Google has removed the apps from the Android Marketplace and suspended the three accounts being used by the developer of the programs. The latest version of the Android operating system, known as Gingerbread, is not vulnerable to the exploits DroidDream uses.

