Tuesday, May 31, 2011

Security Alert: DroidDreamLight, New Malware from the Developers of DroidDream

The Threat
This weekend, multiple applications available in the official Android Market were found to contain malware that can compromise a significant amount of personal data. Likely created by the same developers who brought DroidDream to market back in March, 26 applications were found to be infected with a stripped down version of DroidDream we’re calling “Droid Dream Light” (DDLight). At this point we believe between 30,000 and 120,000 users have been affected by DroidDreamLight.

The Lookout Security Team identified the malware thanks to a tip from a developer who notified us that modified versions of his app and another developer’s app were being distributed in the Android Market. Our security team confirmed that there was malicious code grafted into these apps and identified markers associating this code with previously analyzed DroidDream samples. We discovered 24 additional apps repackaged and redistributed with the malicious payload across a total of 5 different developer accounts.

Lookout users are automatically protected from this malware. Google has removed all of the apps known to be infected from the Android Market while they investigate.

Who is affected?
Apps containing DroidDreamLight have been available for download from the official Android Market. Anyone who has downloaded the apps listed below may be affected. We believe the number of affected devices to be in the range of 30,000 and 120,000 users. If you have downloaded these apps, contact us at support-at-mylookout.com and we can assist you in removing them.

The list of infected applications (by developer name) includes:

Magic Photo Studio

  • Sexy Girls: Hot Japanese
  • Sexy Legs
  • HOT Girls 4
  • Beauty Breasts
  • Sex Sound
  • Sex Sound: Japanese
  • HOT Girls 1
  • HOT Girls 2
  • HOT Girls 3

Mango Studio

  • Floating Image Free
  • System Monitor
  • Super StopWatch and Timer
  • System Info Manager

E.T. Tean

  • Call End Vibrate


  • Quick Photo Grid
  • Delete Contacts
  • Quick Uninstaller
  • Contact Master
  • Brightness Settings
  • Volume Manager
  • Super Photo Enhance
  • Super Color Flashlight
  • Paint Master


  • Quick Cleaner
  • Super App Manager
  • Quick SMS Backup


  • Tetris
  • Bubble Buster Free
  • Quick History Eraser
  • Super Compass and Leveler
  • Go FallDown !
  • Solitaire Free
  • Scientific Calculator
  • TenDrip

How DroidDream Light Works

Malicious components of DroidDream Light are invoked on receipt of a android.intent.action.PHONE_STATE intent (e.g. an incoming voice call). DroidDream Light is not, therefore, dependent on manual launch of the installed application to trigger its behavior. The broadcast receiver immediately launches the .lightdd.CoreService which contacts remote servers and supplies the IMEI, IMSI, Model, SDK Version and information about installed packages. It appears that the DDLight is also capable of downloading and prompting installation of new packages, though unlike its predecessors it is not capable of doing so without user intervention.

How to Stay Safe

Lookout Free and Premium users are already protected. As we see the frequency of these threats increase, please keep in mind the following:

  • Only download apps from trusted sources, such as reputable app markets. Remember to look at the developer name, reviews, and star ratings.
  • Always check the permissions an app requests. Use common sense to ensure that the permissions an app requests match the features the app provides.
  • Be alert for unusual behavior on your phone. This behavior could be a sign that your phone is infected. These behaviors may include unusual SMS or network activity.
  • Download a mobile security app for your phone that scans every app you download to ensure it’s safe. Lookout users automatically receive protection against this Trojan.


Related Post

0 komentar:

Post a Comment

Copyright © 2011. Technews Internet Gadgets . All Rights Reserved
Privacy Policy | Sitemap
Internet Tips Multimedia | Technology News | Tips Internet Security