Android has become the main target for mobile malware.
Here’s “Hot Girls 1”, which was still yesterday available for download to your Android phone from Android Market:
This application was originally harmless. However, a malicious developer called “Magic Photo Studio” downloaded the original application, modified it and re-uploaded it to Android Market.
As an end result, when installing “Hot Girls 1”, you might notice that it requires suspicious rights, especially for an application which is just supposed to show you pictures of, well, hot girls:
If you take a closer look at the installation file with a hex editor, you’ll see that the application has references to stuff it’s absolutely not supposed to be doing, including sending text messages:
The malicious developer has inserted code that triggers when the phone receives a text message.
The added code will connect to a server and send details about the infected handset to the malware authors. So we’re talking about a mobile botnet.
Our Android security product F-Secure Mobile Security blocks this as a variant of the DroidDream trojan, with the detection name Trojan:Android/DroidDream.B.
Dozens of examples of infected applications have been found from Android Market, uploaded under such developer names as Magic Photo Studio, BeeGoo and Mango Studio. Google has now removed them from the Market.
Leave a reply