Malware Discovered in Android Market

The growing popularity of app stores for mobile applications has attracted the attention of malicious hackers hoping to spread malware that could potentially compromise a user's security and expose personal information.

The latest example is a report that Google had to scramble this week to pull at least 20 applications from its Android Market after the website Android Police reported that they were infected with malware.

"I just randomly stumbled into one of the apps, recognized it and noticed that the publisher wasn't who it was supposed to be," explained a post at Android Police.

"There's another APK hidden inside the code, and it steals nearly everything it can: product ID, model, partner (provider?), language, country, and userID," the post adds. "But that's all child's play; the true pièce de résistance is that it has the ability to download more code. In other words, there's no way to know what the app does after it's installed, and the possibilities are nearly endless."

Google declined to comment on the report, but a source close to the company confirmed that a number of applications were pulled from Android Market for violating the company's policies.

Android Police updated its report to note that Google moved extremely quickly to pull the offending apps.

"Took less than 5 minutes from first contact to pull!, as well as remotely removing them from users' devices. Unfortunately, that doesn't remove any code that's already been backdoored in," the post said, while also noting that the offending software had been downloaded over 50,000 times.

Vikram Thakur, principal security response manager at security provider Symantec, said the incident shines a light on the relatively open process Google uses to allow new apps into Android Market.

"I'm sure they are now looking at their internal systems and ways to prevent another incident like this from happening," Thakur told InternetNews.com.

Symantec estimates that a thousand new apps are uploaded to Android Market every day.

"With that high a number they have to be employing some sort of automation to the process, not just people checking code," said Thakur.

As for this week's incident, Thakur said it's pretty typical of how malware purveyors operate. "They'll do things like direct you to a third party website offering a free cracked version of a paid application. In fact, it may only be the free trial version that's been compromised, but by the time the user notices that, the app has already done something bad in the background," said Thakur.

While he expects Google to be more rigorous in its screening as a result of this incident, Thakur also said there are preventive steps consumers can take.

"When an app is asking you to give it permission to additional services like your network activity or SMS messages, that should be a red flag," he said. "We've seen those kind of things with what purported to be a scientific calculator app. It's always a good idea to eyeball the permission requests before agreeing."
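
The Android Police report quoted above describes a second APK hidden inside the app. The following is an added example, not code from Android Police, Google or Symantec: a static check a reviewer could run over an APK to flag entries that are themselves APK/ZIP archives or DEX code, whatever their file extension. It assumes the payload is stored as an ordinary file entry inside the archive; the function names and the sample package are constructed for illustration.

```python
import io
import zipfile

ZIP_MAGIC = b"PK\x03\x04"   # local file header of a ZIP/APK
DEX_MAGIC = b"dex\n"        # start of a Dalvik executable

def find_embedded_payloads(apk_bytes):
    """Return [(entry_name, kind)] for entries that are nested APK/ZIP or stray DEX code."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir():
                continue
            name = info.filename
            data = apk.read(info)
            if data.startswith(DEX_MAGIC):
                # classes.dex / classesN.dex at the archive root is the app's own code.
                own = "/" not in name and name.startswith("classes") and name.endswith(".dex")
                if not own:
                    findings.append((name, "dex"))
            elif data.startswith(ZIP_MAGIC):
                kind = "zip"
                try:
                    with zipfile.ZipFile(io.BytesIO(data)) as inner:
                        names = set(inner.namelist())
                    # A manifest or classes.dex inside marks it as an installable package.
                    if "AndroidManifest.xml" in names or "classes.dex" in names:
                        kind = "apk"
                except zipfile.BadZipFile:
                    kind = "zip-corrupt"
                findings.append((name, kind))
    return findings

def build_sample_apk():
    """Constructed sample: an outer package carrying a second APK named like an image."""
    dex = b"dex\n035\x00" + b"\x00" * 16
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("AndroidManifest.xml", b"<constructed/>")
        z.writestr("classes.dex", dex)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("AndroidManifest.xml", b"<constructed/>")
        z.writestr("classes.dex", dex)
        z.writestr("res/drawable/icon.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8)
        z.writestr("assets/data.png", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    for name, kind in find_embedded_payloads(build_sample_apk()):
        print(f"{kind:4} {name}")
```

A hit is a reason for manual review, not proof of malice, and the check does not see code the app downloads after installation.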

David Needle is the West Coast bureau chief at InternetNews.com, the news service of Internet.com, the network for technology professionals.

