New Android malware variant lands with a punch

Share this article:
On the heels of an invasion of malicious apps in Google's Android market that occurred in early March, a new variant was detected over the weekend.

The latest run is being dubbed DroidDream Light (DDLight) by its discoverer, Lookout Mobile Security, as it appears to be a variant of the earlier Myournet/DroidDream.

Researchers suspect the new variant was created by the same developers as the older version. That iteration, which infected more than 50 applications back in March, distinguished itself for being distributed via the official Android Market, rather than through suspect third-party providers or alternative app markets.

The Lookout team said it believes between 30,000 and 120,000 users have been affected by DroidDream Light. Meanwhile, the Juniper Networks Global Threat Center blog reported that the malware already has affected 25 applications from at least four Android market developer accounts, and places its tally of affected users at 100,000 or more.

While the malware is dubbed a "light" version of the original, it might, in fact, be capable of causing more devastating damage, as the malicious apps do not need a user to start up the application manually for the trojan to launch.

Rather, the code is set into action when a phone call is received on a smartphone, researchers said. DroidDream Light may then install additional applications to the user's device. These apps may have code embedded capable of a variety of malicious tasks.  

The four developer accounts discovered to be hosting DroidDream Light – Magic Photo Studio, E.T. Tean, BeeGoo and Mango Studio – were removed from the official Android Market as of May 30, a Google spokesperson told SCMagazineUS.com on Wednesday.

“We've suspended a number of suspicious applications from Android Market and are continuing to investigate them," the spokesperson said in an email.

Lookout offered a few words of warning to Android app users, including a suggestion to only download apps from trusted sources, such as reputable app markets. Users also should look at the developer name, reviews and star ratings, they said.

Also, mobile customers should check the permissions an app requests to ensure that it matches the features the app provides, Lookout said

Further, Lookout advised users to be on alert for anomalous behavior on their phones, such as unusual SMS or network activity, which could signal an infection.

According to a recently released Juniper report, the number of Android malware attacks increased 400 percent since the summer of 2010. The report also found that application download is the top distribution point for mobile malware, yet most smartphone users are not using any form of anti-virus protection.


For more on mobile malware, download the just published "Spotlight on mobile" special edition of SC Magazine. Click here to download the PDF.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Two Russian cybercriminals nabbed in Android malware scheme

Two men were arrested for stealing money from victims' bank accounts after sending malicious emails offering a romantic gift.

TorrentLocker developers patch error

Victims had been able to restore encrypted files without paying a ransom.

Home Depot: breach risks 56M payment cards, 'unique' malware used

Home Depot confirmed that approximately 56 million payment cards may have been compromised as result of a malware attack.