Google Zaps More Infected Android Applications

Monday, June 13, 2011



Security researcher Xuxian Jiang has published his examination of a malware strain known as Plankton that was reportedly used to infect nearly one dozen applications that were readily available on the Android Market.

Jiang had reported the presence of the malicious code to Google in early June, and the company subsequently removed ten applications purported to be add-ons or cheats for the popular game 'Angry Birds'.

"While continuing an Android-related research project after the discovery of the DroidKungFu and YZHCSMS malware, my research team also came across a new stealthy Android spyware in the Official Android Market. This spyware does not attempt to root Android phones but instead is designed to be stealthy by running the payload under the radar. In fact, Plankton is the first one that we are aware of that exploits Dalvik class loading capability to stay stealthy and dynamically extend its own functionality," wrote North Carolina State University's Jiang.

"Our investigation indicates that there are at least 10 infected Android apps in the Official Android Market from three different developers. Its stealthy design also explains why some earlier variants have been there for more than 2 months without being detected by current mobile anti-virus software," Jiang continued.

After a mobile device is infected, the code has the ability to import more malicious files from the malware's command and control server, some of which are designed to exploit known Android operating system vulnerabilities. 

"It has the ability to remotely access a command-and-control [C&C] server for instructions, and upload additional payloads. It uses a very stealthy method to push any malware it wants to phone... This is pretty serious," said Webroot's Andrew Brandt.

Google has previously removed several dozen malicious applications that had passed the company's security monitoring and been placed on the Android Market for download by consumers, and the trend is likely to continue as the popularity of mobile devices continues to grow.

Security provider Juniper Networks recently released a report which reveals that samples of malware strains targeting devices running the Android operating system increased 400% between June of 2010 and January of 2011.

The report notes that there needs to be an increase in diligence by those who approve applications for distribution in the marketplace, as well as more proactive security efforts on the part of consumers.

"It takes a lot of time and experience to evaluate code. There are ways to do it in an automated fashion, but you really need a bit of human feel [to evaluate] commands and their sequence to tell if something's malicious," said Brandt.

Brandt recommends that users examine the permissions requested by applications at the time of install and be wary of apps that require access to the internet, location and contact information.
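
As an added illustration of the check Brandt describes (not code from the article or from anyone quoted in it), this Python sketch reads an app's decoded AndroidManifest.xml and reports whether it requests internet access alongside location or contact data. The two sample manifests, their package names and the `review` helper are constructed for this example; the manifest inside an APK is stored as binary XML and is assumed to have been decoded to text first.

```python
import xml.etree.ElementTree as ET

# Attribute namespace used by AndroidManifest.xml (android:name etc.)
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# The three categories named in the article, mapped to Android permission strings.
CATEGORIES = {
    "internet": {"android.permission.INTERNET"},
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "contacts": {"android.permission.READ_CONTACTS"},
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}  # ignore malformed entries with no android:name

def review(manifest_xml):
    """Group requested permissions by category and flag network + personal data."""
    perms = requested_permissions(manifest_xml)
    hits = {cat: sorted(perms & names)
            for cat, names in CATEGORIES.items() if perms & names}
    personal = [cat for cat in hits if cat != "internet"]
    # Network access combined with location or contacts means that data
    # can leave the device, which a game add-on has little reason to need.
    return {"categories": hits,
            "network_plus_personal_data": "internet" in hits and bool(personal)}

# Constructed sample: a "cheats" add-on asking for network and contacts.
SAMPLE_CHEAT_APP = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.gamecheats">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>"""

# Constructed sample: an offline add-on that requests nothing sensitive.
SAMPLE_OFFLINE_APP = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.offlineguide">
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>"""

if __name__ == "__main__":
    for label, xml in (("cheats", SAMPLE_CHEAT_APP), ("offline", SAMPLE_OFFLINE_APP)):
        print(label, review(xml))
```
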

"Use some common sense. These [Plankton] apps were supposed to do things like 'Angry Birds.' But then why did they all ask for permission to connect to the Internet?"
