Google remotely killing Android malware

Google is now using a remote security tool to remove malicious applications from affected Android devices after a malware outbreak hit its official app store, the company announced over the weekend.

Early last week, it was discovered that more than 50 apps offered in Google's official Android Market were infected with malware, known as “DroidDream,” that is capable of gaining root access to a device, harvesting data and installing additional malicious code.

Google has since removed all the malicious apps from its app store and is issuing a security update to affected devices – called “Android Market Security Tool March 2011” – that will remove the exploits and prevent attackers from accessing any more information, the search giant said in a blog post Saturday from Android security lead Rich Cannings.

“This is, in effect, Google's ‘remote kill switch’ – capable of forcibly removing offending apps from users' phones,” Graham Cluley, senior technology consultant at anti-virus firm Sophos, wrote in a blog post Monday.

Approximately 260,000 Android devices had one or more malicious apps installed, according to reports. A Google spokesman would not publicly provide a number.

But while Google's tool effectively eradicates the malware, it does not fix the underlying vulnerabilities that the malicious apps took advantage of, Cluley said.

The apps exploited known vulnerabilities, which have been fixed in Android 2.2.2 (Froyo) and higher, Google said. Those running older Android versions, such as 1.5 (Cupcake), 1.6 (Donut) and 2.0/2.1 (Éclair), may still be vulnerable to similar attacks, Cluley said.

“It is up to individual carriers and smartphone vendors to make sure that the patch is rolled out to users running older versions of Android,” he said. “There are so many devices running so many different flavors of Android, ensuring that all of them are kept up-to-date with security patches becomes a very serious problem.”

Google said it is working with its partners to provide a fix for the underlying security flaws. In the meantime, the company has suspended the developer accounts of those who posted the malicious apps and is in contact with law enforcement.

Also, the search giant is putting in place additional, unspecified safeguards to prevent other malicious apps from being distributed in the Android Market.

Google said it believes the attackers were only able to gather certain device-specific information, including IMEI/IMSI numbers, unique codes that are used to identify mobile devices, and the version of Android running on the device.

“[But] given the nature of the exploits, the attacker(s) could access other data, which is why we've taken a number of steps to protect those who downloaded a malicious application,” Google's Cannings wrote.
