More Infected Apps Pulled from the Android Market

A new batch of 26 apps were removed from the Android Market after they were found to be infected with a variant of the DroidDream trojan.

The trojanized apps were discovered by mobile security company Lookout or reported to by their original developers.

The practice of repackaging legitimate Android apps with malware originated in China and Russia where the use of non-official app markets is common.

However, the DroidDream trojan discovered back in March was attached to apps that were re-uploaded to the Android Market under different names.

The malware sent device identification information such as IMEI and IMSI codes, product IDs, model, provider, language, country and user IDs, to a remote server.

It most prominent feature was ts ability to download an execute more malicious code on command. According to Lookout, the trojan found in the new repackaged apps is a stripped down version of DroidDream, reason for which it was dubbed "Droid Dream Light" (DDLight).

"Apps containing DroidDreamLight have been available for download from the official Android Market. Anyone who has downloaded the apps [...] may be affected. We believe the number of affected devices to be in the range of 30,000 and 120,000 users," the Lookout researchers write.

Unlike its predecessor, which was using exploits to obtain root access on devices, DDLight is dependant on user interaction to execute additional code.

A number of 26 applications from five different developers were found trojanized with DDLight and available for download from the Android Market. Google has removed them and is currently investigating the issue, but others could remain undetected.

Users are encouraged to only download apps from highly rated developers and to read the reviews before installing them. "Always check the permissions an app requests. Use common sense to ensure that the permissions an app requests match the features the app provides," the Lookout researchers advise.