Jump to content
ritchie58

"trojanized" Google Android Security App Found In China

Recommended Posts

Suspicious code is lurking in a repackaged Chinese version of a tool Google released last weekend to remotely clean malicious apps off Android phones, Symantec said today.

 

This "trojanized" package was found on an unregulated third-party Chinese marketplace and not on the official Android Market, Symantec said in a blog post.

 

After 58 malicious apps were found on the Android Market last week and downloaded onto about 260,000 devices, Google removed the apps from the market and then wiped them from the phones too.

 

Now, Symantec says someone appears to have taken the "Android Market Security Tool" used to clean up the devices infected with the malware, repackaged it and inserted code in it that seems to be able to send SMS messages if instructed by a command-and-control server.

 

It also looks like the code used in the new threat is based on a project hosted on Google Code and licensed under the Apache License, according to Symantec.

 

A Google spokesman provided this statement when asked for comment: "We encourage Android users to only install applications from sources they trust."

 

Several things should raise red flags for people with this threat -- it's not on the official, trusted Android Market and it requires a user to install it whereas the Google tool used an automatic push function to distribute the legitimate app.

 

The initial malware found on the Android Market, dubbed "DroidDream," not only could capture user and product information from a device but also had the ability to download more code capable of further damage.

 

"We have added detection for the trojanized version of Google's application as Android.Bgserv," Symantec said.

 

Meanwhile, a Kaspersky researcher has questioned the efficacy and methods of Google's Android security tool itself.

 

Originally posted at InSecurity Complex by Elinor Mills

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...