I can't say I was surprised when I saw the news today that Google had to remove apps from the Android Market because of malware. At RSA a few weeks ago, plenty of people I spoke with had concerns about it being just a matter of time until malware-loaded apps began to show up in the different app stores and marketplaces. That it was Google that first made news with infected apps wasn't a surprise, either, as Android has had its share of problems.
In this case, the malware in question is DroidDream and the apps with the malware were released by developers "Kingmall2010," "we20090202," and "Myournet," according to Lookout Mobile Security's blog. According to the blog:
Lompolo, a user on the popular news aggregation site Reddit, discovered the first instances of this malware after noticing that the developer of one of the malicious applications had posted pirated versions of legitimate apps under the developer name "Myournet."
Lompolo analyzed two suspicious applications and found that they contain exploit code that can break out of Android's application security sandbox. A blogger at Android Police took a closer look at the malicious applications and verified that they do indeed contain exploit code that can root a user's device as well as code that can send sensitive information (IMEI and IMSI) from the phone to a remote server. Android Police also found that there is another APK hidden inside the code, which can steal additional sensitive data.
The malware was found in apps that I would hope aren't downloaded on a work-related phone (Lookout has a list of the infected apps, if you are curious), but there are some that could very well be useful on the business front or are the type of apps that are recommended as a download, like a scientific calculator, a task killer, barcode scanner or photo editor.