Malicious apps discovered in Android Market
Attackers over the weekend uploaded malware-laden copies of a number of popular apps, such as Angry Birds, to Google's official Android Market, researchers warned.
A rogue developer with the handle “Lagostrod” uploaded trojanized versions of at least a dozen popular games, including Cut the Rope, Need for Speed: Shift, and Assassin's Creed: Revelations, Sean Sullivan, security adviser at anti-virus firm F-Secure, said in a blog post Monday. If installed, the apps attempted to send SMS messages to costly premium-rate numbers.
Following the discovery of the malicious apps posted by Lagostrod, researchers found a second rogue developer with the handle "Miriada Production," who also posted several bogus games to the Android Market.
After being notified of the issue, Google removed the apps and suspended the developers' accounts. However, despite Google's efforts, the apps were downloaded about 14,000 times, researchers at mobile security firm Lookout, wrote in a blog post Sunday.
A Google spokesman declined to comment about the malware outbreak when contacted by SCMagazineUS.com on Monday.
“There could be several [other] such accounts in [the] Android Market, turning Google's security efforts into a game of [Whac-A-Mole],” F-Secure researchers warned.
The premium-rate trojans were targeting users in 18 countries.
The incident is the latest in a series of cyber crime waves to hit the Android Market. Last week, nefarious horoscope and wallpaper apps were discovered on the Android Market that also sent messages to premium-rate numbers, Lookout researchers said. Those apps have also since been removed.
Attackers have for some time been abusing premium-rate SMS services for their own gain. Often used for adult or horoscope chat lines and other services, premium-rate numbers allow third parties to amend an additional charge on an individual's cellphone bill and receive payment for “provided” services. Once downloaded, premium-rate SMS trojans cause a users' phone to send text messages to attacker-owned numbers, resulting in charges on a user's phone bill.
Vanja Svajcer, principle virus researcher at anti-virus firm Sophos, said Google's open app store model is easy for cyber criminals to abuse.
“The requirements for becoming an Android developer that can publish apps to the Android market are far too relaxed,” Svajcer wrote in a blog post Monday. “The cost of becoming a developer and being banned by Google is much lower than the money that can be earned by publishing malicious apps.”