Skip to main content

New DroidDream Light Invades Android Market

Friday Lookout Security said that a new variant of the DroidDream Light malware was discovered on the Android Market. The firm said that somewhere between 1000 and 5000 consumers downloaded the infected apps before Google took noticed and kicked them out of the virtual store. This was reportedly the third release of this specific malware, following the second version released in June an the original version released in March.

"Four applications in the Android Market published by a developer named “Mobnet” were found to contain malware that is nearly identical to DroidDream Light," the security firm said. "Though our analysis is still underway, these applications are likely published by the same author as the original DroidDream malware."

The infected apps include Quick Falldown, Scientific Calculator, Bubble Buster and Best Compass & Leveler. Lookout noted that there isa legitimate application that has a package name similar to that of Best Compass & Leveler.  The Trojanized application capitalizes the package name (i.e. com.gb.CompassLeveler), while the legitimate application does not (i.e. com.gb.compassleveler).

Naturally all Lookout Free and Premium users are automatically protected.

Lookout's blog revealed that the new variant doesn't require the user to manually launch the infected app. Instead, after the initial installation, the malware will force the infected device to download other apps from the Android Market, visit specific websites possibly playing host to additional trojans, and even update the original DroidDream Light trojan itself.

"Only download applications from trusted sources, such as reputable application markets," Lookout said. "Remember to look at the developer name, reviews, and star ratings. Always check the permissions an app requests. Use common sense to ensure that the permissions an app requests match the features the app provides."

So far Lookout hasn't produced any additional information regarding the new variant, so stay tuned.