New Android Malware Found in Official Market Apps

By on June 13th, 2011 16:20 GMT

Google removed a new set of apps from the official Android Market after security researchers found them to be infected with a new piece of malware.

Dubbed Plankton, after the malicious Java file downloaded to the system, the trojan is capable of stealing browser history and bookmarks, as well as login credentials for popular services, however, the latter functionality doesn't seem to be used.

Instead of using root exploits as most Android trojans, Plankton uses a payload delivery method presented by security researcher Jon Oberheide almost a year ago.

"Our investigation indicates that there are at least 10 infected Android apps in the Official Android Market from three different developers," says Xuxian Jiang, assistant professor with the Department of Computer Science at NC State University, who discovered the malware.

"Its stealthy design also explains why some earlier variants have been there for more than 2 months without being detected by current mobile anti-virus software," he adds.

This is the third Android trojan identified by Jiang since the beginning of this month. He previously found trojanized apps carrying a piece of malware dubbed DroidKungFu on unofficial markets in China.

He then discovered a set of apps on Google's Android Market that were infected with an SMS trojan called YZHCSMS. The malware racked up extra charges on the phone bills of its victims by sending SMS messages to premium-rate numbers.

Trojanizing apps is currently the most popular method of delivering malware to Android phones and the fact that Google is doing a poor job at policing its own official market does not inspire confidence to users at all.

One of the Plankton-infected apps, called "Angry Birds Rio Unlock," already had 200,000 downloads at the time when it was discovered. This latest threat also shows that Android antivirus solutions can be easily evaded.

Comments