The Lookout Security Team identified the malware thanks to a tip from a developer who notified us that modified versions of his app and another developer’s app were being distributed in the Android Market. Our security team confirmed that there was malicious code grafted into these apps and identified markers associating this code with previously analyzed DroidDream samples. We discovered 24 additional apps repackaged and redistributed with the malicious payload across a total of 5 different developer accounts.
Lookout users are automatically protected from this malware. Google has removed all of the apps known to be infected from the Android Market while they investigate.
Who is affected?
Apps containing DroidDreamLight have been available for download from the official Android Market. Anyone who has downloaded the apps listed below may be affected. We believe the number of affected devices to be in the range of 30,000 and 120,000 users. If you have downloaded these apps, contact us at support-at-mylookout.com and we can assist you in removing them.
The list of infected applications (by developer name) includes:
Magic Photo Studio
- Sexy Girls: Hot Japanese
- Sexy Legs
- HOT Girls 4
- Beauty Breasts
- Sex Sound
- Sex Sound: Japanese
- HOT Girls 1
- HOT Girls 2
- HOT Girls 3
Mango Studio
- Floating Image Free
- System Monitor
- Super StopWatch and Timer
- System Info Manager
E.T. Tean
- Call End Vibrate
BeeGoo
- Quick Photo Grid
- Delete Contacts
- Quick Uninstaller
- Contact Master
- Brightness Settings
- Volume Manager
- Super Photo Enhance
- Super Color Flashlight
- Paint Master
DroidPlus
- Quick Cleaner
- Super App Manager
- Quick SMS Backup
GluMobi
- Tetris
- Bubble Buster Free
- Quick History Eraser
- Super Compass and Leveler
- Go FallDown !
- Solitaire Free
- Scientific Calculator
- TenDrip
How DroidDream Light Works
Malicious components of DroidDream Light are invoked on receipt of a android.intent.action.PHONE_STATE intent (e.g. an incoming voice call). DroidDream Light is not, therefore, dependent on manual launch of the installed application to trigger its behavior. The broadcast receiver immediately launches the
How to Stay Safe
Lookout Free and Premium users are already protected. As we see the frequency of these threats increase, please keep in mind the following:
- Only download apps from trusted sources, such as reputable app markets. Remember to look at the developer name, reviews, and star ratings.
- Always check the permissions an app requests. Use common sense to ensure that the permissions an app requests match the features the app provides.
- Be alert for unusual behavior on your phone. This behavior could be a sign that your phone is infected. These behaviors may include unusual SMS or network activity.
- Download a mobile security app for your phone that scans every app you download to ensure it’s safe. Lookout users automatically receive protection against this Trojan.
0 komentar:
Post a Comment