Google pulls more malware from Android Market
NC State researcher finds stealthy attack code inside bogus 'Angry Birds' apps
Computerworld - Google removed more malware-infected applications from its Android Market last week, according to a security researcher who reported the rogue software to the company.
On June 5, Google yanked 10 apps from the market after Xuxian Jiang, an assistant professor in computer science at North Carolina State University, reported his findings to the company.
Jiang published an analysis of the malicious code, dubbed "Plankton," in a blog post last Thursday.
Andrew Brandt, lead threat research analyst at Webroot, has also dug into Plankton.
"It has the ability to remotely access a command-and-control [C&C] server for instructions, and upload additional payloads," Brandt said in an interview Friday. "It uses a very stealthy method to push any malware it wants to phone."
Unlike other code embedded in apps that have appeared in the market, Plankton doesn't rely on a vulnerability to "root," or gain complete control of the smartphone, said Brandt. Once the victim has installed the bogus app, however, Plankton can call in other files from the hacker-controlled server, including ones that would exploit one or more unpatched Android bugs.
"This is pretty serious," Brandt said.
Plankton also harvests data from the phone, including the bookmarks, bookmark history and home page of the device's built-in browser.
All 10 of the apps that Google pulled after Jiang's report purported to be add-ons or cheats for the popular mobile game "Angry Birds" from Finnish game company Rovio. None of the apps actually provided their promised functionality, however, but were simply the delivery vehicles for Plankton.
Plankton was not the first Android attack code that Jiang and his team have reported to Google.
Also on June 5, Jiang told Google of finding apps infected with "DroidKungFu" on unauthorized Chinese app stores, then two days later followed with a report of "YZHCSMS," a Trojan horse that racks up bills by sending hidden text messages to premium numbers.
DroidKungFu uses the same pair of exploits to root the smartphone as "DroidDream," the name given to the first malware bundled with apps in the Android Market.
YZHCSMS was found in Android apps on both Google's market and on Chinese download sites. According to Jiang, YZHCSMS-infected apps were available on the Android Market for at least three months before Google pulled them.
Malicious apps have become a persistent problem for Google, which has had to scrub the market several times since early March, when it pulled more than 50 programs able to compromise phones and remotely issue them commands.
Two weeks ago, Google suspended nearly three dozen malicious apps from the market. Experts tied the newer wave -- labeled "DroidDream Light" -- to the same group responsible for the Mach campaign.
- Review: 5 video editing apps for Android
- Malware-infected Android apps spike in the Google Play store
- Nokia plans forked Android smartphone for Barcelona unveiling
- LG G Flex deep-dive review: The curious case of the curved phone
- Xperia Z1S deep-dive review: A stylish phone with power and panache
- Low-end smartphone battle forces Nokia to Android
- Moto G real-world review: The best budget phone money can buy
- Google escalates offensive against Office with Android 'KitKat'
- Galaxy Note 3 deep-dive review: A plus-sized phone with perks and quirks
- LG G2 deep-dive review: Extraordinary hardware in an ordinary phone
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts