A research company has discovered new Android spyware lurking in the official Android Market. Further investigations revealed that the spyware has infected at least 10 applications from various developers.
A research team from North Carolina State University “came across a new stealthy Android spyware in the Official Android Market,” following several high-profile discoveries of malware among the platform’s app catalogue. In a blog post, Xuxian Jiang, assistant professor in the Department of Computer Science at the institute, noted that “our investigation indicates that there are at least 10 infected Android apps from three different developers.” It was also stated that because of the “stealthy design” of the latest exploit, “some earlier variants have been there for more than two months without being detected by current mobile antivirus software.”
The current exploit is called “Plankton,” and is included as a background service in host apps. The research found that the malware is capable of collecting bookmark information from a device, installing or removing homescreen shortcuts, stealing browser history information, and collecting runtime log information. Also noted was a function which “if invoked can be used to collect user’s accounts,” although this had not been activated.
The process for an attack is complex. When an affected app is launched, the background service collects information including the device ID and a list of the permissions granted to the infected app, and these are then sent to a remote server. The remote server then sends the app a URL, which points to an installer file for executable code. Once downloaded, this code is dynamically loaded. The blog post said that this approach “will allow the payload to evade static analysis and make it hard to detect.” ComputerWorld quoted Webroot analyst Andrew Brandt, who noted: “it uses a very stealthy method to push any malware it wants to phone.”
According to reports, all of the software affected claimed to be add-ons or cheats for Rovio’s Angry Birds apps, and none actually provided their claimed functionality; the apps were purely vehicles for the distribution of Plankton.
It was noted that the University had contacted Google before publishing its findings, and that the affected apps had been removed pending investigation.