New Android malware variant lands with a punch

Share this article:
On the heels of an invasion of malicious apps in Google's Android market that occurred in early March, a new variant was detected over the weekend.

The latest run is being dubbed DroidDream Light (DDLight) by its discoverer, Lookout Mobile Security, as it appears to be a variant of the earlier Myournet/DroidDream.

Researchers suspect the new variant was created by the same developers as the older version. That iteration, which infected more than 50 applications back in March, distinguished itself for being distributed via the official Android Market, rather than through suspect third-party providers or alternative app markets.

The Lookout team said it believes between 30,000 and 120,000 users have been affected by DroidDream Light. Meanwhile, the Juniper Networks Global Threat Center blog reported that the malware already has affected 25 applications from at least four Android market developer accounts, and places its tally of affected users at 100,000 or more.

While the malware is dubbed a "light" version of the original, it might, in fact, be capable of causing more devastating damage, as the malicious apps do not need a user to start up the application manually for the trojan to launch.

Rather, the code is set into action when a phone call is received on a smartphone, researchers said. DroidDream Light may then install additional applications to the user's device. These apps may have code embedded capable of a variety of malicious tasks.  

The four developer accounts discovered to be hosting DroidDream Light – Magic Photo Studio, E.T. Tean, BeeGoo and Mango Studio – were removed from the official Android Market as of May 30, a Google spokesperson told SCMagazineUS.com on Wednesday.

“We've suspended a number of suspicious applications from Android Market and are continuing to investigate them," the spokesperson said in an email.

Lookout offered a few words of warning to Android app users, including a suggestion to only download apps from trusted sources, such as reputable app markets. Users also should look at the developer name, reviews and star ratings, they said.

Also, mobile customers should check the permissions an app requests to ensure that it matches the features the app provides, Lookout said

Further, Lookout advised users to be on alert for anomalous behavior on their phones, such as unusual SMS or network activity, which could signal an infection.

According to a recently released Juniper report, the number of Android malware attacks increased 400 percent since the summer of 2010. The report also found that application download is the top distribution point for mobile malware, yet most smartphone users are not using any form of anti-virus protection.


For more on mobile malware, download the just published "Spotlight on mobile" special edition of SC Magazine. Click here to download the PDF.
Share this article:

Sign up to our newsletters

More in News

Incapsula mitigates multi-vector DDoS attack lasting longer than a month

Incapsula mitigates multi-vector DDoS attack lasting longer than ...

Incapsula's scrubbing servers were able to filter out more than 50 petabits of malicious DDoS traffic aimed at a video game company for longer than a month.

UPS announces breach impacting 51 U.S. locations

The shipping and printing provider said malware has been present on some stores' computer systems since mid-January.

'Machete' espionage campaign targets orgs in Venezuela, Ecuador

The campaign targets Spanish speaking victims, which also appears to be the native language of attackers.