KitGuru reported yesterday that Google had to kill 21 applications from their online market due to malware infections. Unfortunately the situation appears to be worse than first expected with a total of 50 applications now being highlighted as infected.
Google have also yet to trigger an automatic deinstall of the programs from user phones, security experts said. Tom Parson’s a senior manager with Symantec’ security response team said “The apps were ‘Trojanized, With the phones being ‘rooted,’ the attacks can do almost anything, including pulling data off the phone.” Indicating that the malware can gain root access to the devices.
These troublesome applications were made available for four days on the Android market. Lookout, a San Francisco based smartphone security firm have said that between 50,000 and 100,000 copies of the applications have been downloaded by end users meaning that this is a serious security risk for a lot of Android users.
All of the programs were infected with the same rogue coder which is dubbed as ‘DreamDroid’. It allows attackers to compromise Android phones and connect them to a command and control server which can then issue orders directly to the phones. This is made even more complex by the fact that many of the applications were initially legit, and have been pirated and modified with the DreamDroid code.
While malware has been circulated before on the Android platform, this is the first time that they have been available on Google’s own market. Google do have the option to flip a switch in their base to remotely remove all malicious applications from Android smartphones, but so far it seems they have yet to do so.
Kevin Mahaffey, CTO of Lookout said “Google’s very responsible with that power, they want to make sure that it’s used only in cases when they’re sure they’re removing only malware.”
As Google Android gets more popular, they are facing a tougher task vetting the thousands of applications created every single day.
KitGuru says: With Google yet to make an official comment about the malware infected programs, we can only hope they do it sooner rather than later.