The Latest in IT Security

New DroidDream Variant Found on Android Phones

31
May
2011

Android has become the main target for mobile malware.

Here’s “Hot Girls 1”, which was still yesterday available for download to your Android phone from Android Market:

hot girls 1

This application was originally harmless. However, a malicious developer called “Magic Photo Studio” downloaded the original application, modified it and re-uploaded it to Android Market.

As an end result, when installing “Hot Girls 1”, you might notice that it requires suspicious rights, especially for an application which is just supposed to show you pictures of, well, hot girls:

hot girls 1     hot girls 1

If you take a closer look at the installation file with a hex editor, you’ll see that the application has references to stuff it’s absolutely not supposed to be doing, including sending text messages:

hot girls 1

The malicious developer has inserted code that triggers when the phone receives a text message.

hot girls 1

The added code will connect to a server and send details about the infected handset to the malware authors. So we’re talking about a mobile botnet.

Our Android security product F-Secure Mobile Security blocks this as a variant of the DroidDream trojan, with the detection name Trojan:Android/DroidDream.B.

Dozens of examples of infected applications have been found from Android Market, uploaded under such developer names as Magic Photo Studio, BeeGoo and Mango Studio. Google has now removed them from the Market.

Leave a reply


Categories

TUESDAY, SEPTEMBER 19, 2017

Featured

Archives

Latest Comments

Social Networks