Malicious apps discovered in Android Market


Large numbers of malware-laden popular apps such as Angry Birds have hit Google's official Android Market.

A rogue developer with the handle “Lagostrod” uploaded infected versions of at least a dozen popular games, including Cut the Rope, Need for Speed: Shift, and Assassin's Creed: Revelations, F-Secure researcher Sean Sullivan said.

After being notified of the issue, Google removed the apps and suspended the developers' accounts.

If installed, the apps attempted to send SMS messages to costly premium-rate numbers.

Following the discovery of the malicious apps posted by Lagostrod, researchers found a second rogue developer with the handle "Miriada Production," who also posted several bogus games to the Android Market.

A Google spokesman declined to comment about the malware outbreak.

“There could be several [other] such accounts in [the] Android Market, turning Google's security efforts into a game of [Whac-A-Mole],” F-Secure researchers warned.

The premium-rate trojans were targeting users in 18 countries.

The incident is the latest in a series of cyber crime waves to hit the Android Market.

Last week, nefarious horoscope and wallpaper apps were discovered on the Android Market that also sent messages to premium-rate numbers, Lookout researchers said. Those apps have also since been removed.

Attackers have for some time been abusing premium-rate SMS services for their own gain.

Often used for adult or horoscope chat lines and other services, premium-rate numbers allow third parties to add a charge to an individual's cellphone bill and receive payment for 'provided' services.

Once downloaded, premium-rate SMS trojans cause a user's phone to send text messages to attacker-owned numbers, resulting in charges on the user's phone bill.

However, despite Google's efforts, the apps were downloaded about 14,000 times, according to researchers at Lookout.

Sophos principal virus researcher Svajcer said Google's open app store model is easy for cyber criminals to abuse.

“The requirements for becoming an Android developer that can publish apps to the Android Market are far too relaxed,” Svajcer said.

“The cost of becoming a developer and being banned by Google is much lower than the money that can be earned by publishing malicious apps.”

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition