Over the holiday weekend, another batch of malicious apps were found in the official Android Market. According to the Lookout Security Blog (who, it should be disclosed, makes an anti-malware product for Android), at least 34 applications have been infected with a variation of DroidDream, the same malware found in the Android Market back in March. Researchers are calling this iteration of the malware “DroidDreamLight (DDLight)”, and expect that between 30,000 and 120,000 users have already been affected by the malicious apps.
DDLight begins its trouble-making upon receipt of an incoming call, rather than waiting for the user to manually launch the application. From there, the malware grabs the IMEI, IMSI, model, SDK version and other information about installed packages, and can seemingly download and install other applications (though not without prompting the user).
As it currently stands, malware like this is a mostly unavoidable caveat of open (read: loosely regulated) markets like Android’s. It’s the unfortunate wart hiding amongst Android’s many strengths. For now, we’ll just have to hope that Google and the security research firms out there stay vigilant in weeding out these baddies quick.
Here are the apps in which Lookout Security Blog found DDLight:
GluMobi:
Tetris
Bubble Buster Free
Quick History Eraser
Super Compass and Leveler
Go FallDown !
Solitaire Free
Scientific Calculator
TenDrip
DroidPlus:
Quick Cleaner
Super App Manager
Quick SMS Backup
BeeGoo:
Quick Photo Grid
Delete Contacts
Quick Uninstaller
Contact Master
Brightness Settings
Volume Manager
Super Photo Enhance
Super Color Flashlight
Paint Master
E.T. Tean:
Call End Vibrate
Mango Studio:
Floating Image Free
System Monitor
Super StopWatch and Timer
System Info Manager
Magic Photo Studio:
Sexy Girls: Hot Japanese
Sexy Legs
HOT Girls 4
Beauty Breasts
Sex Sound
Sex Sound: Japanese
HOT Girls 1
HOT Girls 2
HOT Girls 3
So, how can you avoid it? A good first step would probably be to avoid downloading apps with names like “Beauty Breasts” or “Sex Sound: Japanese”. Unfortunately, a number of these applications are cloned/hacked versions of otherwise legit (but not necessarily super popular) downloads. Always check the developer’s name, the reviews, and other such items for any glaring red flags. Last but not least: doublecheck the features that the app requests permission to use before installing. If something called “HOT Girls 4″ is requesting the ability to view your contacts and send out SMS messages, something probably isn’t right
