[SECURITY ALERT!] DroidDream Malware Found in Official Android Market

AllGamer · Mar 2, 2011

Google pulls 56 malicious apps from Android Marketplace

original source: http://blog.mylookout.com/2011/03/s...-found-in-official-android-market-droiddream/

List of malicious Android App that steals your information and download additional craps to your phone

Full list Developed by “Myournet”:

Falling Down
Super Guitar Solo
Super History Eraser
Photo Editor
Super Ringtone Maker
Super Sex Positions
Hot Sexy Videos
Chess
下坠滚球_Falldown
Hilton Sex Sound
Screaming Sexy Japanese Girls
Falling Ball Dodge
Scientific Calculator
Dice Roller
躲避弹球
Advanced Currency Converter
App Uninstaller
几何战机_PewPew
Funny Paint
Spider Man
蜘蛛侠

Full list Developed by “Kingmall2010″:

Bowling Time
Advanced Barcode Scanner
Supre Bluetooth Transfer
Task Killer Pro
Music Box
Sexy Girls: Japanese
Sexy Legs
Advanced File Manager
Magic Strobe Light
致命绝色美腿
墨水坦克Panzer Panic
裸奔先生Mr. Runner
软件强力卸载
Advanced App to SD
Super Stopwatch & Timer
Advanced Compass Leveler
Best password safe
掷骰子
多彩绘画

Full list Developed by “we20090202″:

Finger Race
Piano
Bubble Shoot
Advanced Sound Manager
Magic Hypnotic Spiral
Funny Face
Color Blindness Test
Tie a Tie
Quick Notes
Basketball Shot Now
Quick Delete Contacts
Omok Five in a Row
Super Sexy Ringtones
大家来找茬
桌上曲棍球
投篮高手

Personal warning I'll also include AppsPlanet into those list if I were you.

Rofa1 · Mar 2, 2011

Any views as to whether installing Norton, MacAfee or similar would have picked these up?

yiannisthegreek · Mar 2, 2011

Hey Allgamer,

Thanks for the great post / update!!!

Just wondering how much you are selling your Galaxy S for? Please PM me and let me know.

Thanks,

yiannisthegreek

Tehpriest · Mar 2, 2011

In case you have installed them.

Google spikes 21 malicious apps with big download counts from the Market
Google just removed some 21 apps from the Market in the last day from a publisher going by Myournet for doing all sorts of naughty things to your device. Offenses include attempting to root your phone, uploading phone information (including IMEI) to who-knows-where, and -- most egregiously -- adding a backdoor that allows additional code to be pulled down and executed.

List of his apps (may not be all)
http://www.androidzoom.com/android_developer/myournet_thqw.html

Auzy said:
The source appears to be: http://www.engadget.com/2011/03/02/google-spikes-21-malicious-apps-from-the-market-with-big-downloa/

And Mashable

http://mashable.com/2011/03/01/android-malware-apps/

You should ALWAYS read the forum before posting

AllGamer · Mar 2, 2011

Rofa1 said:
Any views as to whether installing Norton, MacAfee or similar would have picked these up?

Any of the well known Antivirus app for android should have picked it up.

I used to think we'll never need an AntiVirus app for Android... well think again.

after reading the article i downloaded all of them to run a full scan and the results are good

I scanned my phone and it's all clean

AvalonGamer · Mar 2, 2011

Should one of these apps had been installed already (Photo Editor), is there something else I can do ... other than flashing ?

Thx

AllGamer · Mar 2, 2011

AvalonGamer said:
Should one of these apps had been installed already (Photo Editor), is there something else I can do ... other than flashing ?

Thx

you can simply un-install it, it doesn't really do anything to your phone until you run the app

and even if you did, uninstalling it will remove the problem

Flashing the phone is a bit over the top

it's enough to do a system wipe if you want to be 100% sure, and then restore all your apps from backup, excluding the fake ones

kunjar · Mar 2, 2011

Waiting for ESET to debut on Android platform...

hansonator · Mar 3, 2011

kunjar said:
Waiting for ESET to debut on Android platform...

+1

This reminded me to reinstall lookout after fresh flash.

MightyDrakeC · Mar 3, 2011

AllGamer said:
you can simply un-install it, it doesn't really do anything to your phone until you run the app

and even if you did, uninstalling it will remove the problem

This is actually an incomplete answer.

As noted on Android Police, (I'm new so I can't link there) these apps open a backdoor, which can download additional apps that can do *anything*. The original app doesn't do much on its own. But, removing the infected app will leave behind the additional malware introduced through the backdoor.

uncletaz · Mar 3, 2011

Is there anyone who knows if these apps actually worked? What I mean is if the games for example were actually games? The reason I ask is that there is a bubble shoot like game installed on a friends phone which works (not sure if it's the one mentioned above).

So would you be able to recognize that malicious app in that way?

Edit: just noticed on the Lookout Blog that they actively send out a patch to detect these apps (if I read it correctly):

http://blog.mylookout.com/2011/03/s...-found-in-official-android-market-droiddream/

So if you have not yet scanned for those apps, do it now ;-)

genkdama · Mar 3, 2011

Thanks for the information!

traumaheli · Mar 3, 2011

How to remove and consequences

First i manyally uninstalled the "Advanced Barcode Scanner" of KingMall2010.
Second i scanned my device with Kasparsky and Lookout, both didn't find any threads.
In the end i performed a reset to factory settings and a format of my SD-card.

Can anyone please tell me if this actions are sufficient to completely whipe this malware of my device?

Also i would like to know if this malware actively sent my private data to servers, or that it just opened a backdoor for later use. And if my data is already sent, what are the consequences and which actions should i take to do something about it.

silverstorm · Mar 3, 2011

traumaheli said:
First i manyally uninstalled the "Advanced Barcode Scanner" of KingMall2010.
Second i scanned my device with Kasparsky and Lookout, both didn't find any threads.
In the end i performed a reset to factory settings and a format of my SD-card.

Can anyone please tell me if this actions are sufficient to completely whipe this malware of my device?

Also i would like to know if this malware actively sent my private data to servers, or that it just opened a backdoor for later use. And if my data is already sent, what are the consequences and which actions should i take to do something about it.

What you've done so far seems sufficient enough to clear the malware from your phone system. Even if it copied a backup on your SD card (internal & external) if you've wiped both then it should be ok.

In regards to already leaked data, I would immediately change my passwords to gmail, emails, facebook, ebay etc or any other site that you may have used on your phone.

traumaheli · Mar 3, 2011

silverstorm said:
What you've done so far seems sufficient enough to clear the malware from your phone system. Even if it copied a backup on your SD card (internal & external) if you've wiped both then it should be ok.

In regards to already leaked data, I would immediately change my passwords to gmail, emails, facebook, ebay etc or any other site that you may have used on your phone.

Thanks for your quick reaction. It makes me a little more comfortable. Indeed i already changed my password's.

I already called my phone provider, but apparently could not tell me whether the IMSI (international mobile subscription identity) and SIM card serial number are sufficient information to clone my SIM card. This is the information that would be sent by the malware to remote servers.

Therefor after work i go to get a new SIM card. It's better to be safe than sory after all.

SirBrass · Mar 3, 2011

I'm still not convinced on running a constant anti-malware app on my phone. Even with a good processor, my cpu cycles are a precious resource to keep my phone running light and fast.

How heavy on system performance is lookout? Does it only activate and scan when new material is installed?

Intlstyle · Mar 3, 2011

Lookout scans when u download or install any app on your phone, i havent noticed it running unless im installing

AllGamer · Mar 3, 2011

Intlstyle said:
Lookout scans when u download or install any app on your phone, i havent noticed it running unless im installing

yes, it only runs after you install a new app from market

i installed it after reading about the news, before that, i had no reason to worry about the stuff i download from the official android market

MrFrankfromCM · Mar 3, 2011

Much thanks for the heads up on this issue!

tizocalamilla · Mar 4, 2011

my question is what is the deal with app planet? i have it installed on my phone along with another app mentioned on the list...why would app planet be something to be worried about???

(P.S. im about five minutes away from wipeing my phone spottless clean thx for the Alert!!!!!)

[SECURITY ALERT!] DroidDream Malware Found in Official Android Market

Retired Forum Moderator

Senior Member

Senior Member

Tehpriest

Guest

Retired Forum Moderator

New member

Retired Forum Moderator

Senior Member

Senior Member

Member

Member

New member

New member

Senior Member

New member

Senior Member

Senior Member

Retired Forum Moderator

Senior Member

Senior Member

Similar threads

Top Liked Posts