Saturday, March 5, 2011

Android Malware Apps with Trojan Rootkit–Details of the Apps and how to protect your android from Malware Apps

Google is now facing one of the biggest problems of open sourcing: malware apps are in circulation. These apps disguise themselves as genuine, legitimate apps. More than 50 apps have been pulled from Android Market after they were identified as containing malicious code. This means that if you downloaded any of these apps, it will be automatically deleted from your phone. This malware attack has showcased one of the biggest weaknesses of Android OS: no app moderation. I had mentioned the certificate errors that we were receiving on the market.android pages for most of the apps in my post on the Cricket apps for Android. Furthermore, when you choose to download and install an app from the android.market website, it happens as smoothly as downloading it from the phone's Android Market, and there is absolutely no authorization prompt at the device end. Even my Nokia E51 (which is about a 3-year-old model) has a second layer of authorization at the device level to install an app that was chosen from the Nokia apps website!

What does the malware App do?

Once you install one of the malware apps, it roots the device via rageagainstthecage or exploid. It can then steal device data and personal data and transmit them to a remote server while you are still playing with the new free app! The details that are stolen are:

* IMEI

* IMSI

* Product ID

* Language

* Personal Details (like user ID and other data you have in the phone)

The scariest bit is that it does not stop at stealing the data; it also acts as an open backdoor, which means more malicious code can now be downloaded onto your phone without your knowledge!
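A defender can look for the exfiltration described above in captured outbound traffic. The Python sketch below is an added example, not part of the original post; the identifiers, hosts, request bodies and the plaintext `key=value` format are constructed assumptions.

```python
import re

# IMEI and IMSI both appear as runs of 15 digits; match exactly 15, not part of a longer run.
DIGITS15 = re.compile(r"(?<!\d)\d{15}(?!\d)")

# Constructed sample data (not taken from any real device or capture).
DEVICE_IMEI = "490154203237518"
DEVICE_IMSI = "001010123456789"
SAMPLE_REQUESTS = [
    ("stats.example.net", "imei=490154203237518&imsi=001010123456789&lang=en"),
    ("cdn.example.org", "GET /icon.png?ts=1299312000"),
    ("shop.example.com", "order=123456789012345"),  # 15 digits, but not an identifier
]

def luhn_ok(number: str) -> bool:
    """True if the digit string passes the Luhn check used for the IMEI check digit."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_identifier_leaks(requests, device_imei, device_imsi):
    """Return (host, kind, value) for each outbound request body carrying a device identifier.

    requests: iterable of (host, body) pairs exported from a proxy or packet capture.
    """
    hits = []
    for host, body in requests:
        for value in DIGITS15.findall(body):
            if value == device_imei:
                hits.append((host, "IMEI", value))
            elif value == device_imsi:
                hits.append((host, "IMSI", value))
            elif luhn_ok(value):
                # Not this device's IMEI, but it has a valid IMEI check digit.
                hits.append((host, "IMEI-like", value))
    return hits

if __name__ == "__main__":
    for host, kind, value in find_identifier_leaks(SAMPLE_REQUESTS, DEVICE_IMEI, DEVICE_IMSI):
        print(f"{host}: {kind} {value} sent in request body")
```

This only catches identifiers sent in plaintext; encoded or encrypted payloads will not match.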

How do I protect my android?

Lifehacker has a detailed post on how to tell if an app is malware or not; it is a worthy read to protect your phone from future attacks. However, if you are already a victim of this malware attack (Google did a great job of pulling these apps within 5 minutes of the first report; though this deletes the app from the phone, it can do nothing about malicious code that might already have been downloaded through the backdoor), then you have either of the following two options:

* Try doing a reset to factory defaults. Yes, this means losing all the precious data and apps that you have collected so far, but there is no choice other than this.

* Take the phone back to your service provider (hopefully they'll replace it with a new phone).

What is remote disabling?

When I said Google had pulled these apps back, I meant that these apps were deleted from users' phones without asking the users for permission to do so. Not that we are complaining about the removal of malware, but this raises the bigger question of how Google can tamper with the apps on a user's device without the user's permission. It was not long ago that Amazon had to face users' wrath for remotely deleting a book from Kindles across the country. Apple also got into a tight spot for remotely disabling iPhones that were running an unauthorized OS (Update: Apple has applied for patents to do this now). So it is another question that Google has to answer for.

What are the malicious Android Apps?

There were 21 malicious apps by one publisher, Myournet. This publisher has now been entirely removed from Android Market:

• Falling Down
• Super Guitar Solo
• Super History Eraser
• Photo Editor
• Super Ringtone Maker
• Super Sex Positions
• Hot Sexy Videos
• Chess
• 下坠滚球_Falldown
• Hilton Sex Sound
• Screaming Sexy Japanese Girls
• Falling Ball Dodge
• Scientific Calculator
• Dice Roller
• 躲避弹球
• Advanced Currency Converter
• App Uninstaller
• 几何战机_PewPew
• Funny Paint
• Spider Man
• 蜘蛛侠

Apart from this list, there are 30 more identified as malicious by the security app Lookout. These were by the publishers ‘Kingmall2010’ and ‘we20090202’:

• Bowling Time
• Advanced Barcode Scanner
• Supre Bluetooth Transfer
• Task Killer Pro
• Music Box
• Sexy Girls: Japanese
• Sexy Legs
• Advanced File Manager
• Magic Strobe Light
• 致命绝色美腿
• 墨水坦克Panzer Panic
• 裸奔先生Mr. Runner
• 软件强力卸载
• Advanced App to SD
• Super Stopwatch & Timer
• Advanced Compass Leveler
• Best password safe
• 掷骰子
• 多彩绘画
• Finger Race
• Piano
• Bubble Shoot
• Advanced Sound Manager
• Magic Hypnotic Spiral
• Funny Face
• Color Blindness Test
• Tie a Tie
• Quick Notes
• Basketball Shot Now
• Quick Delete Contacts
• Omok Five in a Row
• Super Sexy Ringtones
• 大家来找茬
• 桌上曲棍球
• 投篮高手

As long as Google leaves the Android apps market unmoderated, use your better sense when downloading and installing any apps. Take the necessary precautions and have a security app installed on your droid to add an extra layer of security!

1 comment:

jay_jagassar said...

Good thing to know. Thanks. Check out my blog @ http://www.mytechsngadgets.blogspot.com