…and the Google Android Market malware story continues with Mountain View removing ten more infected Android applications from the web after recently removing 25 other applications and the malware alarm sounding once again for “DroidKungFu”.
This time, the same North Carolina State University science professor, Xuxian Jiang, prompted Google to remove ten Angry Birds-related applications disguised as add-ons or cheats for the popular game. The malware is named “Plankton” and “is the first one that we are aware of that exploits Dalvik-class loading capability to stay stealthy and dynamically extend its own functionality”.
Looking into the applications led to the discovery of at least ten applications in the Google Android Market, from three different developers, that were infected by the malware, and “its stealthy design also explains why some earlier variants have been there for more than two months without being detected by current mobile anti-virus software”.
Infected applications launch a background process that collects the device ID and the list of permissions granted to the infected app and sends this information to a remote server. After the server processes it, a download URL is sent back to the phone, which installs a jar file with executable code. After installation, the file can take “a number of basic bot-related commands that can be remotely invoked”. Browser history and bookmarks can be collected, as well as users’ accounts.
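A defender's static triage for the behaviour described above, as an added example (not from the original post or from Jiang's research): it flags APKs whose code references Dalvik's dynamic class loaders and whose manifest requests network access. The sample APKs are constructed in memory, and the function names are hypothetical.

```python
import io
import zipfile

# Type descriptors as stored in a DEX string table. Benign apps reference
# these too, so a hit is a triage signal for manual review, not a verdict.
LOADERS = (b"Ldalvik/system/DexClassLoader;", b"Ldalvik/system/PathClassLoader;",
           b"Ldalvik/system/DexFile;")
INTERNET = "android.permission.INTERNET"


def scan_apk(apk_bytes):
    """Report dynamic-loader references and network permission for one APK."""
    loaders, internet = set(), False
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            data = apk.read(name)
            if name.startswith("classes") and name.endswith(".dex"):
                # classes.dex plus any multidex files (classes2.dex, ...)
                loaders.update(d.decode() for d in LOADERS if d in data)
            elif name == "AndroidManifest.xml":
                # Binary XML string pools are UTF-16LE or UTF-8; check both.
                internet = any(INTERNET.encode(enc) in data
                               for enc in ("utf-16-le", "utf-8"))
    return {"loaders": sorted(loaders), "internet": internet,
            "review": bool(loaders) and internet}


def build_sample_apk(dex_strings, manifest_strings):
    """Constructed input: a zip shaped like an APK, not a real application."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml",
                   b"\x00".join(s.encode("utf-16-le") for s in manifest_strings))
        z.writestr("classes.dex",
                   b"dex\n035\x00" + b"\x00".join(s.encode() for s in dex_strings))
    return buf.getvalue()


SUSPECT = build_sample_apk(["Ldalvik/system/DexClassLoader;", "loadClass"],
                           [INTERNET])
BENIGN = build_sample_apk(["Ljava/lang/String;"], [INTERNET])

if __name__ == "__main__":
    for label, apk in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, scan_apk(apk))
```

Loader names built at runtime through reflection or string obfuscation will not appear in the string table, so a clean result from this check does not rule out dynamic loading.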
How many more security risks is Google willing to accept, and how many users is Google willing to put at risk, before it tightens security measures for Android Market application approval?