Thursday, March 3, 2011

50 Android Market Apps Found Harboring Malware

Google takes pirated apps offline, but many Android users' smartphones could still be at risk

By Kelly Jackson Higgins, Darkreading

It was only a matter of time before the bad guys took advantage of the open Android Market in a big way: Google removed some 50 free apps this week from the store after they were discovered to be carrying malware that "roots" the phone, steals data, and installs a back door.

But the discovery came a few days after the apps hit the Android Market, so an estimated 20,000 to 500,000 users may already have downloaded the infected apps, most of which are pirated versions of legitimate Android apps, including Super Guitar Solo, Music Box, Advanced Barcode Scanner, and Spiderman, mobile security experts say. A user on Reddit first flagged the malware, and then Lookout Security found additional infected apps, all of which contain a piece of malware called DroidDream.

Google doesn't vet or security-scan apps submitted to its open, community-based app market, but security experts say the invasion of rogue apps could ultimately pressure the search engine giant to add some form of application vetting before apps hit the Market. The current model relies entirely on user comments and app rankings, and on notifications that tell the user which phone functions an app wants to use before he downloads it. "It's totally up to the user," says Chris Wysopal, CTO of Veracode. "This is not really working."
