Google Removes Suspicious Apps From Android Market

  /     /     /  
Publicated : 22/11/2024   Category : security


Google Removes Suspicious Apps From Android Market


Angry Birds spin-offs might contain malware that steals data from smartphone, researchers say, but other experts say it might not be malicious -- just too invasive



Google has taken down 10 free apps from the Android Market after researchers reported that they were harboring what could be a new data-stealing malware family. Among the potentially malicious apps are spin-offs of the wildly popular Angry Birds game app.
The apps had been available in the Android Market for more than two months, and had been downloaded more than 210,000 times, according to researchers at NC State University. These researchers initially identified the so-called Plankton code as malicious in the apps, as well as a possible new Android Trojan called YZHCSMS infecting other apps.
But as of this post, mobile security experts at Lookout Security have not yet confirmed whether these two new Android samples are officially malware or just aggressive spyware-type code used for marketing purposes.
These two families are a lot more of a gray area than previous pieces of malware in Android, says Kevin Mahaffey, CTO and founder of Lookout, who says his firm is still studying the code. Plankton doesnt actually look like malware, he says. A component in it claims to gather your browsing history and put bookmarks into your phone ... But it links to a EULA [End User License Agreement] that is upfront that this framework operates that way, he says.
Its not clear to us that its malicious in its intent. Do you want this on your phone? Probably not. This is the world of gray in mobile apps, he says.
Among the apps on the Android Market found by NC State with Plankton are those from developer Crazy Apps: Shake To Fake (Fake call); Angry Birds Rio Unlock; Angry Birds Cheater; Angry Birds Multi User!; Favorite Games Backup; Call Ender; Bring Me Back My Droid!; and Chit Chat. Other infested apps were Guess the Logo and Snake Kaka, according to Xuxian Jiang, the NC State researcher who reported the findings today. Jiang and his team earlier this month spotted an Android malware family called DroidKungFu that can root Android smartphones.
Jiang says that Google had removed the 10 Plankton apps.
A Google spokesperson did not confirm any numbers, but says the apps were suspicious. Were aware of and have suspended a number of suspicious applications from Android Market. We remove apps and developer accounts that violate our policies, the spokesperson said.
According to NC State, Plankton appears to operate as stealthy botnet code that hides out and collects the Android device ID and host app permissions, and then shoots that data to a remote command-and-control server. The phone is then loaded with code that accesses bookmarks, browsing history, and the runtime log. Xiang and his team say that while Plankton is currently only performing data-harvesting, it has the ability to deliver root exploits that could gain total control of the phone.
Theres no official count yet from NC State on the number of apps rigged with the YZHCSMS code, but so far only one app was found to have it on the Android Market -- and Google has removed it, Jiang says. It mainly targets alternative [Android app] markets, Jiang says.
YZHCSMS grabs premium phone numbers from a remote server and then sends SMS text messages that get charged to the victims phone every 50 minutes, according to NC State. The bizarre part about the code is that it erases the SMS messages as well as any billing text messages from the phones service provider in an attempt to keep the ruse going. It was sitting in the Android Market for at least three months, and has also been spotted in alternative Chinese app markets and forums.
Mobile devices are the next big attack vector, and Googles Android is becoming a major target for attackers -- mainly due to its open architecture as well as the wide open Android Market.
But Lookouts Mahaffey says its become increasingly difficult to determine whether mobile apps are actually malicious or merely too invasive. And if they are just too invasive, its also hard to assess whether thats purposeful or inadvertent.
Even if the EULA says the app reads your browser history, that doesnt necessarily make it OK, he says. I dont want it to read my browser, he says. This is a really important milestone for the mobile world: You have to be careful when looking at what these apps are doing. And a lot of times, its not clear on what the judgment call of what it is.
In March,
Google removed some 50 free apps from the Android Market store
after they were discovered to be carrying malware that roots the phone, steals data, and installs a back door. An estimated 20,000 to 500,000 users had downloaded the infected apps, most of which were pirated versions of legitimate Android apps, including Super Guitar Solo, Music Box, Advanced Barcode Scanner, and Spiderman, mobile security experts say.
Two things are what attackers go after [on Android]: control [of] your phones or access [to] your data, Jiang says. A copy of the abstract of NC States findings are available
here
.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Google Removes Suspicious Apps From Android Market