Submission + - Google Pulls 21 Android Apps with Trojan Rootkits (switched.com)
suraj.sun writes: Thanks to a tip-off by a redditor, and some investigation by Android Police ( http://www.androidpolice.com/2011/03/01/the-mother-of-all-android-malware-has-arrived-stolen-apps-released-to-the-market-that-root-your-phone-steal-your-data-and-open-backdoor/ ), Google has pulled 21 Android Market apps that were infected with a backdoor Trojan rootkit. If you downloaded any of the infected apps, they will be automatically deleted from your phone.
The attack vector was ingenious, and plays on the Android Market's biggest weakness: the almost complete absence of app moderation. The nefarious developer crafted 21 apps that share the name of legitimate apps (such as 'Chess'), and into each of them he inserted some Trojan code. The apps then quietly report your sensitive data back to a remote server, while you play with your free app.
Download Squad: http://downloadsquad.switched.com/2011/03/02/google-pulls-21-android-malware-apps-with-trojan-rootkit-over-50000-infected/
Android Police: http://www.androidpolice.com/2011/03/01/the-mother-of-all-android-malware-has-arrived-stolen-apps-released-to-the-market-that-root-your-phone-steal-your-data-and-open-backdoor/
The attack vector was ingenious, and plays on the Android Market's biggest weakness: the almost complete absence of app moderation. The nefarious developer crafted 21 apps that share the name of legitimate apps (such as 'Chess'), and into each of them he inserted some Trojan code. The apps then quietly report your sensitive data back to a remote server, while you play with your free app.
Download Squad: http://downloadsquad.switched.com/2011/03/02/google-pulls-21-android-malware-apps-with-trojan-rootkit-over-50000-infected/
Android Police: http://www.androidpolice.com/2011/03/01/the-mother-of-all-android-malware-has-arrived-stolen-apps-released-to-the-market-that-root-your-phone-steal-your-data-and-open-backdoor/