Android Apps Security Alert: Ripped Apps Loaded onto Official Android Market had Root Exploits and Worse
by Antonio Wells
Mar 2, 2011 7:38 AM –
Lompolo posted on Reddit “Someone just ripped off 21 popular free apps from the market, injected root exploits into them and republished. 50k-200k downloads combined in 4 days.” The mobile security community has named this Trojan “DroidDream”. Resident hacker at Android Police did some more digging into the issue and found indeed DroidDream does root a user’s device via “rageagainstthecage” or exploit. According to Android Police this nasty has been identified to steal: IMEI, IMSI, product ID, model, partner (provider?), language, country, and userID; worse it contains a hidden APK that installs addition code for more unknown damage.
Most Android developers would agree that they love the freedom to load apps to Market without hassle, but their at least needs to be some sort of automatic code checking on Google’s part to flag these malware apps immediately. Get it together Google, this isn’t the first and crafty hackers are surely not going to make this the last attempt. Google has since pulled all suspected apps from the Android Market, however, we’ve listed them below so you can check to see if you have installed to promptly remove them!
Full list of infected applications published by “Myournet”:
- Falling Down
- Super Guitar Solo
- Super History Eraser
- Photo Editor
- Super Ringtone Maker
- Super Sex Positions
- Hot Sexy Videos
- Chess
- 下坠滚球_Falldown
- Hilton Sex Sound
- Screaming Sexy Japanese Girls
- Falling Ball Dodge
- Scientific Calculator
- Dice Roller
- 躲避弹球
- Advanced Currency Converter
- App Uninstaller
- 几何战机_PewPew
- Funny Paint
- Spider Man
- 蜘蛛侠
Full list of infected applications published by “Kingmall2010″:
- Bowling Time
- Advanced Barcode Scanner
- Supre Bluetooth Transfer
- Task Killer Pro
- Music Box
- Sexy Girls: Japanese
- Sexy Legs
- Advanced File Manager
- Magic Strobe Light
- 致命绝色美腿
- 墨水坦克Panzer Panic
- 裸奔先生Mr. Runner
- 软件强力卸载
- Advanced App to SD
- Super Stopwatch & Timer
- Advanced Compass Leveler
- Best password safe
- 掷骰子
- 多彩绘画
Full list of infected apps under the developer name “we20090202″:
- Finger Race
- Piano
- Bubble Shoot
- Advanced Sound Manager
- Magic Hypnotic Spiral
- Funny Face
- Color Blindness Test
- Tie a Tie
- Quick Notes
- Basketball Shot Now
- Quick Delete Contacts
- Omok Five in a Row
- Super Sexy Ringtones
- 大家来找茬
- 桌上曲棍球
- 投篮高手
[Source Lompolo via Android Police via LookOut Blog]
Tags:
Android Apps,
Android Apps Security Alert,
Android Security,
Android Trojans,
Android Viruses,
DroidDream,
Lompolo,
rageagainstthecage
Categorised in: Apps Blog, Featured, News
Submit apps for review,
promote apps, get more installs with better
app videos.