In association with heise online

02 March 2011, 13:02

Android malware on the rise, 21 apps pulled from Android Market - Update

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

According to a recent Symantec blog posting there is strong growth in Android malware. The posting cites Android.Pjapps, which, like others before it, is a trojan that has been found in Android applications that is able to open a back door on a compromised device. Such applications are usually found on unregulated Android marketplaces.

The posting states that Symantec has detected other applications carrying this trojan. Typically, it is difficult to tell the malicious version of an application from the correct one. However, the posting goes on to state that "during installation it is possible to identify the malicious version by the excessive permissions it requests." In the example given, the application asks for permission to access messages and personal information – totally unnecessary for the gimmicky application concerned, "Steamy Window".

The posting continues by explaining how the Android.Pjapps trojan establishes a botnet, and is able to "install applications, navigate to web sites, add bookmarks to your browser, send text messages, and optionally block text message responses."

It is not only unregulated Android marketplaces where the risks lie. In a further development, a set of 21 free apps (the full list can be found at the bottom of the preceding link) have been pulled from the Android Market because they had been tampered with using the well-known root toolkit rageagainstthecage and included malware. Because they are hacked versions of genuine apps, again it is difficult to tell the difference between the malicious version and the real thing. Most notably, the malware in these apps is able to download further code, making it impossible to determine the extent of possible damage that could be inflicted. It has been suggested that these applications had been downloaded between 50,000 - 200,000 times before being withdrawn.

Update: Further reports suggest that Google has now pulled more than 50 apps from the Android Market.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit