Recently, several malware apps have been discovered in the Android Marketplace. Tech headlines are brimming with descriptions of malware called DroidDream, DroidKungFu, Plankton, & YZHCSMS. Well, at least you would think that tech headlines would be all over this subject. According to Google, just one of these password stealing programs, Plankton, was downloaded over 210,000 times. These malicious programs are capable of stealing personal information, passwords, contacts, emails, browser history, device ids, sending SMS text messages (at a premium cost to you), discretely calling expensive premium numbers, and more; all the while hiding themselves from you, the user. These apps are piggybacked onto legitimate looking apps (Angry Birds Rio Unlock anyone?) that you can download from Google’s official Android Marketplace. Remember the old adage, if it looks too good to be true/free, it is. Be very wary of installing apps from unknown sources / unknown official market developers.
What does this mean for the average ‘Droid’ user?
How to Protect Your Android Phone
So, now you are appropriately scared of installing anything from the Android market that isn’t from Rovio, Google, or EA. But what do you do about it. Install one of the following FREE (as in beer) security tools, Lookout Mobile Security is recommended. Also, consider running a firewall such as DroidWall (Root Required) to monitor and restrict network access.
Recommended Security Apps:
- Lookout has a free and premium paid version. The free version features anti-virus/anti-malware/anti-spyware; some backup capabilities; and locate lost phone feature. The premium paid version is ~$30 per year (REALLY!) but includes phishing website blocker, extended backup, remote wipe and lock, and premium support. https://www.mylookout.com/features
- Droidwall Android Firewall is a front-end application for the powerful iptables Linux firewall. It allows you to restrict which applications are permitted to access your data networks (2G/3G and/or Wi-Fi). Droidwall Market Link
Free Runners up:
What do I do now?
For mitigation, please follow basic, common-sense guidelines for smartphone security. For example,
- download apps from reputable app stores that you trust; and always check reviews, ratings as well as developer information before downloading;
- check the permissions on apps before you actually install them and make sure you are comfortable with the data they will be accessing;
- be alert for unusual behavior on the part of mobile phones and make sure you have up-to-date security software installed on your phone.
- Consider using a Firewall app such as DroidWall (XDA Thread) to monitor / restrict data access
Read through the list of affected / poisoned apps at the end of this post. If you have downloaded and installed one of these apps, chances are that your phone is infected. Recommended action is to install Lookout Security free and scan / clean. Barring successful results, a full system wipe my be advised.
- From your Android homescreen: Menu Settings Privacy Factory Data Reset
- Uncheck “Automatic Restore” first. Otherwise malware app may be automatically downloaded after first log in of your Google account!
- NOTE: This will erase ALL DATA from your phone
Why this is a problem on Android
The Android operating system is open source software created by Google for mobile phones. If you are reading this, then you probably already know that. The openness of the OS has made Android popular with developers, hobbyists, and modders because of the complete control of the system it allows. The openness of open source software also makes for a more secure operating system… or so it has in the past with desktop operating systems. Because there are so many community developers pouring over the code, security holes and exploits are found, patched, and rolled out quicker than traditional software models. The problem with Android lies with the mobile carriers and device manufacturers. Recent Android malware has been discovered utilizing bugs in the Android OS that, unbelievably, was patched by Google with the Android software update 2.2.2. Chances are, your device does not have 2.2.2 (check by hitting menu on the homescreen / settings / about phone / Android version). Turns out, even Android 2.3 Gingerbread may have some similar vulnerabilities. Google has in the past responded quickly to these threats and removed them remotely from your phone via a remote kill switch.
Plankton and YZHCSMS poisoned apps:
Publisher Crazy Apps: Shake To Fake (Fake call); Angry Birds Rio Unlock; Angry Birds Cheater; Angry Birds Multi User!; Favorite Games Backup; Call Ender; Bring Me Back My Droid!; and Chit Chat. Other apps affected include Guess the Logo (from a developer by the same name) and Snake Kaka, from developer PHILL DIG.Source NCSU
DroidDreamLight poisoned apps:
Publisher – Magic Photo Studio:Sexy Girls: Hot Japanese;Sexy Legs;HOT Girls 4;Beauty Breasts;Sex Sound;Sex Sound: Japanese;HOT Girls 1;HOT Girls 2;HOT Girls 3
Publisher – Mango Studio: Floating Image Free;System Monitor;Super StopWatch and Timer;System Info Manager;
Publisher- E.T. Tean: Call End Vibrate
Publisher – BeeGoo: Quick Photo Grid;Delete Contacts;Quick Uninstaller;Contact Master;Brightness Settings;Volume Manager;Super Photo Enhance;Super Color Flashlight;Paint Master
Publisher – DroidPlus: Quick Cleaner;Super App Manager;Quick SMS Backup
Publisher – GluMobi: Tetris;Bubble Buster Free;Quick History Eraser;Super Compass and Leveler;Go FallDown !;Solitaire Free;Scientific Calculator;TenDrip
source Lookout Mobile Security
DroidDream poisoned apps:
Publisher – Myournet:Falling Down;Super Guitar Solo;Super History Eraser;Photo Editor;Super;Ringtone Maker;Super Sex Positions;Hot Sexy Videos;Chess;下坠滚球_Falldown;Hilton Sex Sound;Screaming Sexy Japanese Girls;Falling Ball Dodge;Scientific Calculator;Dice Roller;躲避弹球;Advanced Currency Converter;App Uninstaller;几何战机_PewPew;Funny Paint;Spider Man;蜘蛛侠
Publisher Kingmall2010:Bowling Time;Advanced Barcode Scanner;Supre Bluetooth Transfer;Task Killer Pro;Music Box;Sexy Girls: Japanese;Sexy Legs;Advanced File Manager;Magic Strobe Light;致命绝色美腿;墨水坦克;Panzer Panic;裸奔先生;Mr. Runner;软件强力卸载;Advanced App to SD;Super Stopwatch & Timer;Advanced Compass Leveler;Best password safe;掷骰子;多彩绘画;
Publisher we20090202:Finger Race;Piano;Bubble Shoot;Advanced Sound Manager;Magic Hypnotic Spiral;Funny Face;Color Blindness Test;Tie a Tie;Quick Notes;Basketball Shot Now;Quick Delete Contacts;Omok Five in a Row;Super Sexy Ringtones;大家来找茬;桌上曲棍球;投篮高手;
source Lookout Mobile Security