Google pulls 21 Android malware apps with Trojan rootkit, over 50,000 users infected

Thanks to a tip-off by a redditor, and some investigation by Android Police, Google has pulled 21 Android Market apps that were infected with a backdoor Trojan rootkit. If you downloaded any of the infected apps, they will be automatically deleted from your phone.

The attack vector was ingenious, and plays on the Android Market's biggest weakness: the almost complete absence of app moderation. The nefarious developer crafted 21 apps that share the name of legitimate apps (such as 'Chess'), and into each of them he inserted some Trojan code. The apps then quietly report your sensitive data back to a remote server, while you play with your free app.

According to Android Police, the apps include a feature that automatically roots the phone (using the well-known rageagainstthecage rooting tool), which allows it to download and execute arbitrary code. Even though Google has pulled the infected apps, these downloaded bits of code could still remain on over 50,000 infected devices. If you think you be infected, you might want to perform a factory reset.

The scary thing is, there's nothing to stop the same app publisher from creating more malware-infected apps in the future, perhaps with the grander plan of creating a botnet. That's the problem with unmoderated ecosystems like the Android Market: you have to take the good with the bad, whether you like it or not. It's a bit like the Wild West in that regard.

http://downloadsquad.switched.com/2011/03/02/google-pulls-21-android-malware-apps-with-trojan-rootkit-over-50000-infected

Google promises tighter Android Market security in wake of Trojan outbreak

When we first reported on applications in the official Android Market being infected with a Trojan backdoor, 21 malicious apps were found. After the dust had settled, the total was closer to 60 -- and Google has now announced what it is doing to undo the damage and prevent future outbreaks in the Market.

http://downloadsquad.switched.com/2011/03/06/google-promises-tighter-android-market-security-in-wake-of-trojan-outbreak

has its advantages.... And, NO, I do not own an iphone, but this would push me in that direction over Android.

The fact that this happened on android proves the point...

Android has no app approval process..

Being in a 'walled garden' has deprived iOS users of free apps laced with malware.

sigh...

Lest anyone forget, Apple also approved the "Babyshaker" app, something that would have gotten held up by even ten seconds worth of thought. The amount of scrutiny that their apps get is not enough to be certain of weeding out malware.

this means Ching Ching....

if one were to suggest using an Android-based phone for a business environment, I would be heavily inclined to discourage it. My husband was thinking of switching (he has an older iPhone) but because of this it may take those out of the running completely.

http://googlemobile.blogspot.com/2011/03/update-on-android-market-security.html

An Update on Android Market Security
Saturday, March 5, 2011 | 10:08 PM

On Tuesday evening, the Android team was made aware of a number of malicious applications published to Android Market. Within minutes of becoming aware, we identified and removed the malicious applications. The applications took advantage of known vulnerabilities which don’t affect Android versions 2.2.2 or higher. For affected devices, we believe that the only information the attacker(s) were able to gather was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device). But given the nature of the exploits, the attacker(s) could access other data, which is why we’ve taken a number of steps to protect those who downloaded a malicious application:

1. We removed the malicious applications from Android Market, suspended the associated developer accounts, and contacted law enforcement about the attack.
   
2. We are remotely removing the malicious applications from affected devices. This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications.
   
3. We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices. If your device has been affected, you will receive an email from android-market-support@google.com over the next 72 hours. You will also receive a notification on your device that “Android Market Security Tool March 2011” has been installed. You may also receive notification(s) on your device that an application has been removed. You are not required to take any action from there; the update will automatically undo the exploit. Within 24 hours of the exploit being undone, you will receive a second email.
   
4. We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues.

For more details, please visit the Android Market Help Center. We always encourage you to check the list of permissions when installing an application from Android Market. Security is a priority for the Android team, and we’re committed to building new safeguards to help prevent these kinds of attacks from happening in the future.

Thank you Steve Jobs!