Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

New Android malware variant lands with a punch

On the heels of an invasion of malicious apps in Google's Android market that occurred in early March, a new variant was detected over the weekend.

The latest run is being dubbed DroidDream Light (DDLight) by its discoverer, Lookout Mobile Security, as it appears to be a variant of the earlier Myournet/DroidDream.

Researchers suspect the new variant was created by the same developers as the older version. That iteration, which infected more than 50 applications back in March, distinguished itself for being distributed via the official Android Market, rather than through suspect third-party providers or alternative app markets.

The Lookout team said it believes between 30,000 and 120,000 users have been affected by DroidDream Light. Meanwhile, the Juniper Networks Global Threat Center blog reported that the malware already has affected 25 applications from at least four Android market developer accounts, and places its tally of affected users at 100,000 or more.

While the malware is dubbed a "light" version of the original, it might, in fact, be capable of causing more devastating damage, as the malicious apps do not need a user to start up the application manually for the trojan to launch.

Rather, the code is set into action when a phone call is received on a smartphone, researchers said. DroidDream Light may then install additional applications to the user's device. These apps may have code embedded capable of a variety of malicious tasks.  

The four developer accounts discovered to be hosting DroidDream Light – Magic Photo Studio, E.T. Tean, BeeGoo and Mango Studio – were removed from the official Android Market as of May 30, a Google spokesperson told on Wednesday.

“We've suspended a number of suspicious applications from Android Market and are continuing to investigate them," the spokesperson said in an email.

Lookout offered a few words of warning to Android app users, including a suggestion to only download apps from trusted sources, such as reputable app markets. Users also should look at the developer name, reviews and star ratings, they said.

Also, mobile customers should check the permissions an app requests to ensure that it matches the features the app provides, Lookout said

Further, Lookout advised users to be on alert for anomalous behavior on their phones, such as unusual SMS or network activity, which could signal an infection.

According to a recently released Juniper report, the number of Android malware attacks increased 400 percent since the summer of 2010. The report also found that application download is the top distribution point for mobile malware, yet most smartphone users are not using any form of anti-virus protection.

For more on mobile malware, download the just published "Spotlight on mobile" special edition of SC Magazine. Click here to download the PDF.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.