DroidDream Malware (rogue apps)

jcat

Mo(w)gli's can opener
Thread starter
Veteran
Joined
Feb 13, 2003
Messages
73,213
Purraise
9,851
Location
Mo(w)gli Monster's Lair
Lookout Mobile Security has published a list (scroll down) of the apps known to be affected.

Google yanks over 50 infected apps from Android Market


All the apps were infected with the same malicious code, said Kevin Mahaffey, the CTO of Lookout, and came from three different publishers. The malware, dubbed "DreamDroid," lets attackers compromise Android smartphones, then connect them to a command-and-control server (C&C) which can issue orders to the devices.
...
Mahaffey confirmed that Google has yanked the 50-some apps from the Android Market, but said that as of late last night, the mobile OS maker had not pulled those apps from users' phones.
Like other mobile app distributors, such as Apple, Google has the ability to flip a switch that remotely removes questionable or malicious apps from all Android smartphones. Google has pulled the uninstall switch at least once before, in June 2010.
 

strange_wings

TCS Member
Top Cat
Joined
Dec 20, 2006
Messages
13,498
Purraise
39
I guess no one heard about some of the scanners having back doors in them? (old news)

You're better off not being stupid and installing questionable apps with even more questionable names - if anyone bothered to look up the pulled app lists you'd get what I mean.
 
  • Thread Starter Thread Starter
  • #6

jcat

Mo(w)gli's can opener
Thread starter
Veteran
Joined
Feb 13, 2003
Messages
73,213
Purraise
9,851
Location
Mo(w)gli Monster's Lair
People have been talking about this on the Android forums, and many of those who were affected had downloaded a scientific calculator, photo editor, task killer, guitar "player" or photo editor, not "Japanese girls", etc.. Many of the apps that malware was added to had been around for ages (in Android terms, that is) and gotten high ratings.

The problem is that a lot of people don't pay attention to the permissions they're supposed to grant before downloading.
 

strange_wings

TCS Member
Top Cat
Joined
Dec 20, 2006
Messages
13,498
Purraise
39
Originally Posted by jcat

The problem is that a lot of people don't pay attention to the permissions they're supposed to grant before downloading.
Yes, that is the main problem. The other problem is that the apps are left on the market when Google had been notified of the problem and that people don't read all the user comments in which if there is even the slightest problem people will complain. (with upgrades rolling out one should always double check that since some apps aren't updated properly)

Another issue is that when someone clearly points out a problem people don't take it seriously... So many get caught up in getting the newest shiny thing because someone else recommended it and trust a scanner that may not be able to detect a backdoor or a "legitimate" but shady app. I foresee that type of social hacking as a future way of infecting phones that aren't locked into the app market (any non AT&T phone that isn't rooted) - and if not, someone is really missing the potential there.
(note: this is how major hacking takes place on facebook and twitter)
 

-_aj_-

TCS Member
Veteran
Joined
Aug 24, 2008
Messages
10,487
Purraise
61
Location
North East England
yeah some of them can

im really careful what i down load now even system updates since the last one has screwed things up on mine watch out for updates on your apps to sometimes they change what they want access to
 

-_aj_-

TCS Member
Veteran
Joined
Aug 24, 2008
Messages
10,487
Purraise
61
Location
North East England
I use tunee music to download and Susan at the moment i have no messages for it to read because my phone dumped them again im gettig sick of it doing that, i dont want to download an app to send texts when the facility to do it on the phone anyways, it has to scan messages to see if theres anything untoward in them AVG does to, i had a few that were flagged so it was kind of just as well
 

rosiemac

TCS Member
Veteran
Joined
Dec 3, 2003
Messages
54,358
Purraise
100
Location
ENGLAND... LAND OF HOPE AND GLORY!
I think i'll go back to AVG because that's who l have on my laptop.

I tried tunee music but they didn't have a lot of the tunes that l was searching for, but GTunes is excellent!
 

-_aj_-

TCS Member
Veteran
Joined
Aug 24, 2008
Messages
10,487
Purraise
61
Location
North East England
I found everything i wanted on tunee tbh theres a few i couldnt by the particular artist i wanted but its done the trick
 
  • Thread Starter Thread Starter
  • #18

jcat

Mo(w)gli's can opener
Thread starter
Veteran
Joined
Feb 13, 2003
Messages
73,213
Purraise
9,851
Location
Mo(w)gli Monster's Lair
Originally Posted by Rosiemac

Have l read right?. I've just downloaded that app and it said it can access my SMS and MMS messages?!
Yep, in order to scan the MMS.
 
Top