Trojan exploits Android security fix

By on
Trojan exploits Android security fix

Antivirus vendors find a mobile home.

Malware writers have repackaged Google’s recently released Android Market Security Tool with a bonus Trojan. 

The fake Android security tool exploits Google’s answer to the information-stealing DroidDream malware, which had up to 200,000 users.

Google’s real clean up tool promised to remotely wipe 50 offending applications from Android devices and remove the exploits to prevent attackers accessing further information.

The fake tool, meanwhile, allowed its controller to send SMS messages at will. Its impact is currently limited to Chinese Android users.

Symantec researchers discovered the fake Android security tool on a third-party Chinese marketplace.

 

Potential victims of the "Trojanised" clean up tool were advised to be on the look out for subtle differences between the real and fake security tool.

Vanja Svajcer, a virus researcher at Sophos, warned that the fake tool required additional permissions for "services that cost you money" as well as the device’s location.

Google’s tool was also labelled version 2.5 while the fake version was 1.5.

Fellow antivius firm, F-Secure, has posted visual comparisons of the fake and real tools here.

Sophos' Svajcer speculated that the fake clean up tool could spell the beginning of "scareware" for mobile phones -- a technique commonly used to lure Windows PC victims.

"Judging by the popularity of Android devices and the recent increase in malware attacks, it may be just a matter of time before we start seeing highly suspicious products like Antivirus Android 2012 on the market," he said.

Svajcer criticised Google’s decision to open its mobile applications market to unofficial trading platforms.

"Personally, I think that the ability to install non-market applications and ability to create third party application markets was a mistake for Google's Android team from the security point of view. This path is leading us to Windows-like threat levels."

Meanwhile, Tim Armstrong, a virus researcher with Russian antivirus outfit Kaspersky Labs, has criticised Google for releasing a tool which failed to fix the actual vulnerability.

"We’ve had a look at this app, and it does not fix the vulnerability, it simply removes the applications known to be malicious," Armstrong said on Monday.

Copyright © iTnews.com.au . All rights reserved.
Tags:
android antivirus google security symantec

Most Read Articles

Devastating flaw puts almost every wi-fi network at risk

Devastating flaw puts almost every wi-fi network at risk
Hacked Aussie Defence firm lost fighter jet, bomb, ship plans

Hacked Aussie Defence firm lost fighter jet, bomb, ship plans
NBN Co works to recover cost of network damage

NBN Co works to recover cost of network damage
Subaru key fob vulnerability lets hackers unlock cars

Subaru key fob vulnerability lets hackers unlock cars
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

The 5G Business Potential – Industry digitalisation and the untapped opportunities for operators
The 5G Business Potential – Industry digitalisation and the untapped opportunities for operators
Solving IT complexity
Solving IT complexity
Optimising Enterprise Data Centres for the Cloud
Optimising Enterprise Data Centres for the Cloud
Growing companies have a growing interest in technology
Growing companies have a growing interest in technology
RSA NetWitness® Endpoint. Respond 3X Faster to Threats
RSA NetWitness® Endpoint. Respond 3X Faster to Threats

Events

Most popular tech stories

Log In

Username:
Password:
|  Forgot your password?