Malware in the Android market

Kaspersky Lab, a leading manufacturer of secure content and threat management solutions, have identified a number of free applications in Google’s Android Market which contain malware, such as Trojans. The applications were illegitimate copies of legitimate developers’ apps that were injected with malware code.
An example was the Super Guitar Solo application, which contained the popular “rage against the cage” root exploit commonly used to “root” Android phones and gain super-user privileges. Once somebody gains super-user rights, they will have full administrator level access to the phone’s operating system. In this case the exploit was launched without the owner’s consent.

“The application attempted to gather product ID, device type, language, country, and user ID among other things, and then upload the data to a remote server,” said Timothy Armstrong, Junior Malware Analyst at Kaspersky Lab. “This discovery is important because up until now most of the Android malware has been found outside of the Android Market, which requires a number of special steps to be taken in order to infect the phones. In this case, users are even able to install from the Web with the new Android Market format.”

Kaspersky Lab experts analysed the Trojan inside the illegitimate apps in the Android Market and highlighted that it has been designed to be easily included in popular applications, uploaded onto the Market with misleading names and that it also had the ability to install other applications on the devices. These traits hint at the way through which the author was planning to monetise the infections – deploying Adware or Advertising-supported apps on the device.

Adds Armstrong; “An update from Google shows that malicious apps and the corresponding download page from the Android Market were removed. At the same time, Google launched an application called ‘Android Market Security Tool March 2011’ for remote-removal of infected applications installed on smartphones. The main issue is that this new app does not fix the vulnerability; it simply removes the application known to be malicious.”

For better protection of Android smartphones, Kaspersky Lab recently launched the new version of Kaspersky Mobile Security 9. The security solution supports Android, BlackBerry, Symbian and Windows Mobile: http://www.kaspersky.com/kaspersky_mobile_security
“Given the above, it is important to consider that these might not be the only live malware samples currently existing in the Android Market. In line with this, Kaspersky Lab strongly recommends that users always check all the permission requests that an application requests during installation and to always think twice before jail-breaking or rooting their smartphones,” concludes Armstrong.
Kaspersky Lab will continue to monitor this situation and report any important updates. Articles about this topic can be found following the below links: