30+ New Malicious Apps Spotted In The Android Market

Over the holiday weekend, another batch of malicious apps was found in the official Android Market. According to the Lookout Security Blog (Lookout, it should be disclosed, makes an anti-malware product for Android), at least 34 applications have been infected with a variation of DroidDream, the same malware found in the Android Market back in March. Researchers are calling this iteration of the malware “DroidDreamLight (DDLight)”, and estimate that between 30,000 and 120,000 users have already been affected by the malicious apps.

DDLight begins its trouble-making upon receipt of an incoming call, rather than waiting for the user to manually launch the application. From there, the malware grabs the IMEI, IMSI, model, SDK version and information about installed packages, and can seemingly download and install other applications (though not without prompting the user).

As it currently stands, malware like this is a mostly unavoidable caveat of open (read: loosely regulated) markets like Android’s. It’s the unfortunate wart hiding amongst Android’s many strengths. For now, we’ll just have to hope that Google and the security research firms out there stay vigilant in weeding out these baddies quickly.

Here are the apps in which Lookout Security Blog found DDLight:

GluMobi:

  • Tetris
  • Bubble Buster Free
  • Quick History Eraser
  • Super Compass and Leveler
  • Go FallDown !
  • Solitaire Free
  • Scientific Calculator
  • TenDrip

DroidPlus:

  • Quick Cleaner
  • Super App Manager
  • Quick SMS Backup

BeeGoo:

  • Quick Photo Grid
  • Delete Contacts
  • Quick Uninstaller
  • Contact Master
  • Brightness Settings
  • Volume Manager
  • Super Photo Enhance
  • Super Color Flashlight
  • Paint Master

E.T. Tean:

  • Call End Vibrate

Mango Studio:

  • Floating Image Free
  • System Monitor
  • Super StopWatch and Timer
  • System Info Manager

Magic Photo Studio:

  • Sexy Girls: Hot Japanese
  • Sexy Legs
  • HOT Girls 4
  • Beauty Breasts
  • Sex Sound
  • Sex Sound: Japanese
  • HOT Girls 1
  • HOT Girls 2
  • HOT Girls 3

So, how can you avoid it? A good first step would probably be to avoid downloading apps with names like “Beauty Breasts” or “Sex Sound: Japanese”. Unfortunately, a number of these applications are cloned/hacked versions of otherwise legit (but not necessarily super popular) downloads. Always check the developer’s name, the reviews, and other such items for any glaring red flags. Last but not least: double-check the features that the app requests permission to use before installing. If something called “HOT Girls 4” is requesting the ability to view your contacts and send out SMS messages, something probably isn’t right.
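
The permission check described above can be automated when an app's decoded AndroidManifest.xml is available. This is an added example, not code from Lookout or from the original article; it assumes the incoming-call trigger is implemented as a broadcast receiver for `android.intent.action.PHONE_STATE`, and the `audit_manifest` function, the sample manifest and its package name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumption: the "starts on an incoming call" behaviour shows up as a receiver for this broadcast.
CALL_ACTION = "android.intent.action.PHONE_STATE"
# Permissions that are red flags for a simple utility or wallpaper app.
SENSITIVE = {
    "android.permission.READ_PHONE_STATE": "can read device identifiers such as IMEI/IMSI",
    "android.permission.READ_CONTACTS": "can view contacts",
    "android.permission.SEND_SMS": "can send SMS messages",
}

def audit_manifest(manifest_xml, expected_permissions=frozenset()):
    """Return (kind, name, reason) findings for a decoded (plain-text) manifest."""
    root = ET.fromstring(manifest_xml.strip())
    requested = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    # Sensitive permissions the app asks for that its advertised purpose does not explain.
    unexpected = (requested & set(SENSITIVE)) - set(expected_permissions)
    findings = [("permission", p, SENSITIVE[p]) for p in sorted(unexpected)]
    for receiver in root.iter("receiver"):
        actions = {a.get(ANDROID_NS + "name") for a in receiver.iter("action")}
        if CALL_ACTION in actions:
            findings.append(("call-trigger", receiver.get(ANDROID_NS + "name"),
                             "code runs on phone calls without the app being launched"))
    return findings

# Constructed sample: a "flashlight" app that asks for far more than a flashlight needs.
SAMPLE = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application>
    <receiver android:name=".CallWatcher">
      <intent-filter><action android:name="android.intent.action.PHONE_STATE"/></intent-filter>
    </receiver>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for kind, name, reason in audit_manifest(SAMPLE):
        print(f"[{kind}] {name}: {reason}")
```

Pass the permissions an app legitimately needs as `expected_permissions` (an SMS backup tool, for example, would list `android.permission.SEND_SMS`) so only the unexplained requests are reported.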