[SECURITY ALERT!] DroidDream Malware Found in Official Android Market


someonemx

Senior Member
Jan 6, 2011
68
9
thanks for the tip.

@Insanity rom thread an update zip has been uploaded to solve this malware issue.
 

bluxart

Senior Member
Feb 8, 2011
137
26
Savannah, GA
I just went through my girlfriend's phone and she has a "Shoot Bubble." Is the malware version just "Bubble Shoot", or did the writer get mixed up?
 

jdb78

Senior Member
Nov 17, 2008
203
24
I scanned my phone and it's all clean


Lookout needs a lot of permissions - kind of scary talking about possible backdoors and stuff, isn't it?

EDIT: now I know what those permissions are needed for. It is able to backup your contact data and almost everything to mylookout.com - still not sure if I would want to do that but a scan gave me "no malware or spyware apps found".
 

jdb78

Senior Member
Nov 17, 2008
203
24
oops, sorry, clicked "quote" instead of "edit", please delete this post, thx!
 

Darkstriker

Senior Member
Oct 19, 2009
625
176
i9100
OnePlus 2
I posted it before in a thread in Android Dev:

These applications use the rage-against-the-cage exploit that was discovered by z4ziggy. Android 2.2.1 (the basis of nearly all custom ROMs for the I9000) is patched against this security hole and even if you downloaded and installed and ran these applications you should be safe because they cannot get root-access and thus cannot do any of the malware-activities listed.

See androidsec.net
 

aadis

Senior Member
Oct 30, 2009
119
10
gujarat
Google pulls 56 malicious apps from Android Marketplace

original source: http://blog.mylookout.com/2011/03/s...-found-in-official-android-market-droiddream/

List of malicious Android apps that steal your information and download additional crap to your phone

Full list Developed by “Myournet”:

  • Falling Down
  • Super Guitar Solo
  • Super History Eraser
  • Photo Editor
  • Super Ringtone Maker
  • Super Sex Positions
  • Hot Sexy Videos
  • Chess
  • 下坠滚球_Falldown
  • Hilton Sex Sound
  • Screaming Sexy Japanese Girls
  • Falling Ball Dodge
  • Scientific Calculator
  • Dice Roller
  • 躲避弹球
  • Advanced Currency Converter
  • App Uninstaller
  • 几何战机_PewPew
  • Funny Paint
  • Spider Man
  • 蜘蛛侠

Full list Developed by “Kingmall2010″:
  • Bowling Time
  • Advanced Barcode Scanner
  • Supre Bluetooth Transfer
  • Task Killer Pro
  • Music Box
  • Sexy Girls: Japanese
  • Sexy Legs
  • Advanced File Manager
  • Magic Strobe Light
  • 致命绝色美腿
  • 墨水坦克Panzer Panic
  • 裸奔先生Mr. Runner
  • 软件强力卸载
  • Advanced App to SD
  • Super Stopwatch & Timer
  • Advanced Compass Leveler
  • Best password safe
  • 掷骰子
  • 多彩绘画

Full list Developed by “we20090202″:

  • Finger Race
  • Piano
  • Bubble Shoot
  • Advanced Sound Manager
  • Magic Hypnotic Spiral
  • Funny Face
  • Color Blindness Test
  • Tie a Tie
  • Quick Notes
  • Basketball Shot Now
  • Quick Delete Contacts
  • Omok Five in a Row
  • Super Sexy Ringtones
  • 大家来找茬
  • 桌上曲棍球
  • 投篮高手

Personal warning: I'd also include AppsPlanet in that list if I were you.
thanks for information
 

_JKay_

Retired Recognized Developer
Aug 12, 2010
5,495
14,689
So these Malware apps only harm the 2.2 and not 2.2.1 android phones?

I really do not like the idea of the Kill Switch feature by Google!!!
Can it be disabled? If not I think I will try to make a Market on/off switch widget, or does it already exist?
 

Sine.

Senior Member
Patch for all pre-Gingerbread phones

Roddericks has written a patch against DroidDream for all pre-Gingerbread phones:
[Patch]Malware Exploit for all pre-Gingerbread phones
There is also an apk written by cyansmoker to do this: https://market.android.com/details?id=com.voilaweb.mobile.droiddreamkiller
the fix is based off of Justin's suggestions in the link...what is to stop future versions of this malware from ignoring this file in the future? nothing! but for now Justin over at androidpolice.com has combed through the known infected apk files and provided us with this fix and info....i would read the 2 articles quoted in the OP for all the goodies

the empty profile file shouldn't affect anything in the market or otherwise....i'm assuming the malware checks if that file exists and if it does then it doesn't try to run but this is speculation on my part. if i need to i can get some more information if the links in the OP don't answer your questions
@Allgamer : add this to the OP?
 

linuxnubee

Senior Member
Apr 19, 2012
195
44
@bluxart

The app..... Is warez summit not tolerated or discussed on xda

From my knowledge nearly all warez is a virus trojan spambot or all types of nasty stuff designed to steal your identity on whatever platform its on ie windows linux right through android.

Best steer clear of it
 

linuxnubee

Senior Member
Apr 19, 2012
195
44
simply put

simply put no it won't nor everything from that place will even if you av up to date, because it doesn't come with Google's excellent android police who remove files with malicious code in them just look for myournet articles good read Google took down 22 or 21 ish apps from this usr n abusr within five mins of being notified (wow great response there Google) and are or have sorting patches for damage this little scrote done. DEVS KNOWS WHERE YOUR APPS ARE FROM LOL

USE PLAYSTORE ONLY MORE SECURE AND TRUSTED THAN ANYTHING.
 

plageran

Senior Member
Mar 10, 2011
168
36
Mother City
Tips!

Things you can do is set up scanning times, i.e. 00:00. By that time most of our devices are plugged in to charge and we're asleep.

Secondly if you have a boot up scan, reboot your device after your alarm in the morning, by the time you're ready to leave, the scan should be done and you will have a "clean device" [most likely ram]

most av's will detect the infection before download or before installation. mine picked it up from google play store so......


I dunno I haven't downloaded anything lately. Check the screenshot:
 

Attachments

  • Screenshot_2013-06-04-13-55-57.jpg

Top Liked Posts

    2
    First I manually uninstalled the "Advanced Barcode Scanner" of KingMall2010.
    Second I scanned my device with Kaspersky and Lookout, both didn't find any threats.
    In the end I performed a reset to factory settings and a format of my SD-card.

    Can anyone please tell me if these actions are sufficient to completely wipe this malware off my device?

    Also i would like to know if this malware actively sent my private data to servers, or that it just opened a backdoor for later use. And if my data is already sent, what are the consequences and which actions should i take to do something about it.


    What you've done so far seems sufficient enough to clear the malware from your phone system. Even if it copied a backup on your SD card (internal & external) if you've wiped both then it should be ok.

    In regards to already leaked data, I would immediately change my passwords to gmail, emails, facebook, ebay etc or any other site that you may have used on your phone.
    1
    Should one of these apps have been installed already (Photo Editor), is there something else I can do ... other than flashing ?

    Thx
    1
    Should one of these apps have been installed already (Photo Editor), is there something else I can do ... other than flashing ?

    Thx

    you can simply un-install it, it doesn't really do anything to your phone until you run the app

    and even if you did, uninstalling it will remove the problem

    Flashing the phone is a bit over the top :p it's enough to do a system wipe if you want to be 100% sure, and then restore all your apps from backup, excluding the fake ones
    1
    you can simply un-install it, it doesn't really do anything to your phone until you run the app

    and even if you did, uninstalling it will remove the problem

    This is actually an incomplete answer.

    As noted on Android Police, (I'm new so I can't link there) these apps open a backdoor, which can download additional apps that can do *anything*. The original app doesn't do much on its own. But, removing the infected app will leave behind the additional malware introduced through the backdoor.