[SECURITY ALERT!] DroidDream Malware Found in Official Android Market

---

Google pulls 56 malicious apps from Android Marketplace

original source: http://blog.mylookout.com/2011/03/se...et-droiddream/

List of malicious Android App that steals your information and download additional craps to your phone

Full list Developed by “Myournet”:

• Falling Down
• Super Guitar Solo
• Super History Eraser
• Photo Editor
• Super Ringtone Maker
• Super Sex Positions
• Hot Sexy Videos
• Chess
• 下坠滚球_Falldown
• Hilton Sex Sound
• Screaming Sexy Japanese Girls
• Falling Ball Dodge
• Scientific Calculator
• Dice Roller
• 躲避弹球
• Advanced Currency Converter
• App Uninstaller
• 几何战机_PewPew
• Funny Paint
• Spider Man
• 蜘蛛侠

Full list Developed by “Kingmall2010″:

• Bowling Time
• Advanced Barcode Scanner
• Supre Bluetooth Transfer
• Task Killer Pro
• Music Box
• Sexy Girls: Japanese
• Sexy Legs
• Advanced File Manager
• Magic Strobe Light
• 致命绝色美腿
• 墨水坦克Panzer Panic
• 裸奔先生Mr. Runner
• 软件强力卸载
• Advanced App to SD
• Super Stopwatch & Timer
• Advanced Compass Leveler
• Best password safe
• 掷骰子
• 多彩绘画

Full list Developed by “we20090202″:

• Finger Race
• Piano
• Bubble Shoot
• Advanced Sound Manager
• Magic Hypnotic Spiral
• Funny Face
• Color Blindness Test
• Tie a Tie
• Quick Notes
• Basketball Shot Now
• Quick Delete Contacts
• Omok Five in a Row
• Super Sexy Ringtones
• 大家来找茬
• 桌上曲棍球
• 投篮高手

Personal warning I'll also include AppsPlanet into those list if I were you.

Some of them seem like the standard spammy, suspicious apps that I naturally avoid, but some of them actually look like popular apps - i.e. the advanced stuff, app uninstaller. Fortunately I don't have any of those stuff on my phone though. And if I'm putting something up from non- android market like over here on XDA perhaps, that I'm suspicious of I tend to scan it first (both on my PC and then on my mobile as well). And even on market I prefer to download apps that have many downloads and comments. Can't be too careful.

What's that pewpew thing? Not the same as this:https://market.android.com/details?i...=search_result is it?

Quote:

Originally Posted by syrenz

What's that pewpew thing? Not the same as this:https://market.android.com/details?i...=search_result is it?

yes, it's that one, but seems like there was a fake copy of it floating in market

i was afraid too when i saw it, as i did install the legit one, but wasn't sure about the developers name

Yeah, that's the only thing that I installed so I was worried for a moment there.

The original source is reddit.

http://www.reddit.com/r/Android/comm...ree_apps_from/

The whole market is just plain broken and it's a nightmare. It's embarrassing that the author of one of the apps has been complaining through every means possible to google for over a week to get pirated copies of his software taken down (he didn't realize they were injected with malignant code though). So, finally someone notices the developer name looks fishy for one of these apps and is curious to take a look inside the files and sees rageagainstthecage, pokes further, is horrified consults others and posts to reddit. Android Police picks it up and the story starts to spread and then finally google pays attention.

Google really needs to respond. The market.android.com website is so freaking buggy. Imagine if someone figures out how to use web install to push infected crap onto peoples phones. It almost makes you pray to Motorola to also signature check /system. Almost.

What's the deal with raceagainstthecage? Isn't that what we used to root XT720?

Quote:

Originally Posted by syrenz

What's the deal with raceagainstthecage? Isn't that what we used to root XT720?

Indeed. We use rageagainstthecage to install superuser and then we use superuser instead of rageagainstthecage to get root afterwards. Superuser is designed to be well behaved and everything else is built to cooperate and behave with superuser. The trojaned apps use rageagainstthecage to basically do whatever they want. It doesn't use superuser, so you don't see any notifications.

that's for all the info Mioze7Ae

that's very insightful

As far as I see I did not install one of these apps- but I would like to know anyway what should be done if one did install a malicious app- just remove it? Or better reflash the rom?

Theres already a thread for a patch here at xda:
http://forum.xda-developers.com/showthread.php?t=977154

And somebody developed an apk to search for an infection and to create a so-called stop file to prevent infections in future.
DroidDreamKiller

Is this really checked thoroughly?

'Cause I know at least Finger Race isn't malware at all.