Google faces new round of Android malware
Again yanks malware-infected apps from Android Market as hackers try trickier tactics
Computerworld - For the second time in three months, Google yanked dozens of malware-infected smartphone apps from the Android Market.
The 34 apps were pulled over the weekend and Tuesday by Google after security researchers notified the company.
Google acknowledged giving some Android apps the heave-ho. "We've suspended a number of suspicious applications from Android Market and are continuing to investigate them," a Google spokeswoman said in an email reply to questions late Tuesday.
As in the March episode, when Google removed more than 50 apps, the newest round consisted of pirated legitimate programs that had been modified with malicious code and then re-released to the Android Market under false names.
But there was an important difference to this campaign, said Kevin Mahaffey, co-founder and CTO of Lookout, a San Francisco firm that specializes in mobile security.
"These apps have the ability to fire up a page on the Android Market," said Mahaffey, adding that the hackers can send commands to the smartphone telling it which Market page to display.
He speculated that the attackers probably intended the new feature as a way to dupe users into downloading additional rogue apps that would have malicious functions, just as a hijacked PC is told to retrieve more malware. "They seem to have been designed to encourage people to install additional payloads," Mahaffey said.
Mahaffey said it was impossible to deduce hacker intent from the malicious apps' code, but he believed the criminals took the new path because social engineered attacks -- those that rely on tricking victims into installing malware rather than depending on an exploited vulnerability -- are more difficult to defend.
"Social engineered attacks are much more subtle, but very powerful because they're hard to protect against," said Mahaffey. "It could be they changed because either [the attackers] believed exploits were a dead giveaway, or they found this more effective."
Lookout and AVG Technologies of the Czech Republic uncovered malicious apps on the Android Market and reported their findings to Google. According to Mahaffey, Google pulled the apps "almost instantaneously."
It's unclear how the attackers planned to turn a profit on the new campaign of rogue apps.
"They could do things like listen in to all the banking transactions [conducted using the smartphone]," said Omri Sigelman, the vice president of products at AVG Mobilation, AVG's mobile security arm, in an interview Tuesday.
Both Mahaffey and Sigelman said that the same group responsible for the March malware was behind the most recent attempt to infiltrate Android phones.
The new rogue apps contained what Mahaffey called "Droid Dream Light," a stripped-down version of the DroidDream code used to infect apps in March.
- Review: 5 video editing apps for Android
- Malware-infected Android apps spike in the Google Play store
- Nokia plans forked Android smartphone for Barcelona unveiling
- LG G Flex deep-dive review: The curious case of the curved phone
- Xperia Z1S deep-dive review: A stylish phone with power and panache
- Low-end smartphone battle forces Nokia to Android
- Moto G real-world review: The best budget phone money can buy
- Google escalates offensive against Office with Android 'KitKat'
- Galaxy Note 3 deep-dive review: A plus-sized phone with perks and quirks
- LG G2 deep-dive review: Extraordinary hardware in an ordinary phone
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Riverbed Stingray Application Firewall: Securing Cloud Applications with a Distributed Web Application Firewall Responsibility over IT security is moving away from the network and IT infrastructure and to the application and software architecture itself. IT organizations...
- Web Application Firewalls--Laying the Myths to Rest This paper addresses some of the myths about WAFs and outlines how businesses are optimizing their investment in protecting their ever-evolving web apps.
- PCI DSS Compliance in Cloud Environments This technology analysis addresses the challenges of the evolving cloud security landscape and how organizations can achieve PCI DSS compliance in cloud environments...
- Web Attack Survival Guide This guide will help you protect your organization from external threats targeting your high-value applications and data assets.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Application Security White Papers | Webcasts