
New DroidDream Light Invades Android Market

On Friday, Lookout Security said that a new variant of the DroidDream Light malware had been discovered on the Android Market. The firm said that somewhere between 1000 and 5000 consumers downloaded the infected apps before Google took notice and kicked them out of the virtual store. This was reportedly the third release of this specific malware, following the second version released in June and the original version released in March.

"Four applications in the Android Market published by a developer named “Mobnet” were found to contain malware that is nearly identical to DroidDream Light," the security firm said. "Though our analysis is still underway, these applications are likely published by the same author as the original DroidDream malware."

The infected apps include Quick Falldown, Scientific Calculator, Bubble Buster and Best Compass & Leveler. Lookout noted that there is a legitimate application that has a package name similar to that of Best Compass & Leveler. The Trojanized application capitalizes the package name (i.e. com.gb.CompassLeveler), while the legitimate application does not (i.e. com.gb.compassleveler).
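
An added example (not from Lookout or the article) of checking installed package names against a known-good list for the case-only difference described above; it also flags near-identical names, which goes beyond the single case on the page. The allowlist, the similarity threshold and the sample `pm list packages` output are constructed assumptions.

```python
from difflib import SequenceMatcher

# Known-good package name taken from the article; a real allowlist is an assumption.
KNOWN_GOOD = {"com.gb.compassleveler"}

def parse_pm_list(text):
    """Parse `pm list packages` output, one 'package:<name>' entry per line."""
    names = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            names.append(line[len("package:"):])
    return names

def classify(name, known_good=KNOWN_GOOD, threshold=0.9):
    """Return (verdict, known-good name it matches or imitates, or None)."""
    if name in known_good:
        return ("exact", name)
    # Same letters, different case: the trick used by the Trojanized app.
    for good in sorted(known_good):
        if name.lower() == good.lower():
            return ("case-variant", good)
    # Generalization: names that are almost identical (threshold is an assumption).
    for good in sorted(known_good):
        if SequenceMatcher(None, name.lower(), good.lower()).ratio() >= threshold:
            return ("near-match", good)
    return ("unrelated", None)

def find_lookalikes(pm_output, known_good=KNOWN_GOOD):
    """List (installed name, verdict, imitated name) for suspicious packages."""
    findings = []
    for name in parse_pm_list(pm_output):
        verdict, good = classify(name, known_good)
        if verdict in ("case-variant", "near-match"):
            findings.append((name, verdict, good))
    return findings

# Constructed sample output, not captured from a real device.
SAMPLE_PM_OUTPUT = """\
package:com.android.browser
package:com.gb.compassleveler
package:com.gb.CompassLeveler
package:com.gb.compasslevelerr
package:com.example.notes
"""

if __name__ == "__main__":
    for name, verdict, good in find_lookalikes(SAMPLE_PM_OUTPUT):
        print(f"{verdict}: {name} imitates {good}")
```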

Naturally all Lookout Free and Premium users are automatically protected.

Lookout's blog revealed that the new variant doesn't require the user to manually launch the infected app. Instead, after the initial installation, the malware will force the infected device to download other apps from the Android Market, visit specific websites possibly playing host to additional trojans, and even update the original DroidDream Light trojan itself.

"Only download applications from trusted sources, such as reputable application markets," Lookout said. "Remember to look at the developer name, reviews, and star ratings. Always check the permissions an app requests. Use common sense to ensure that the permissions an app requests match the features the app provides."

So far Lookout hasn't produced any additional information regarding the new variant, so stay tuned.

  • getochkn
    Saying look at permissions is useless as every app from a browser to Simon seems to need access to network, phone calls, etc. I can't think of any app I've installed from the market that doesn't access almost everything anyways.
  • skaz
    Looking at permissions is a good habit. Look for things like "account credentials". And check reviews, total downloads, date of app.
  • Camikazi
    Yay DroidWall :) my DroidWall by default blocks any program from accessing the internet in any way until I allow it. Have to be rooted to use it but it's a great little front end for iptables.
  • cyprod
    getochkn: "Saying look at permissions is useless as every app from a browser to Simon seems to need access to network, phone calls, etc. I can't think of any app I've installed from the market that doesn't access almost everything anyways."

    No offense, but then you're exactly the type of user they're going after. I never install an app unless I can justify why the app needs a permission. For example, shopper apps (the bar code scanning ones) for some odd reason always want access to my address book. That makes no sense, I'll just keep looking till I find one without that access. I assume if it's asking for permissions that don't make sense, it's probably doing something behind the scenes I don't want it to do.
  • hellwig
    cyprod: "No offense, but then you're exactly the type of user they're going after. I never install an app unless I can justify why the app needs a permission. For example, shopper apps (the bar code scanning ones) for some odd reason always want access to my address book. That makes no sense, I'll just keep looking till I find one without that access. I assume if it's asking for permissions that don't make sense, it's probably doing something behind the scenes I don't want it to do."

    No offense, but those apps do make sense. Those bar-code scanning apps need access to your address book because QR-codes are a convenient way to transfer contact information. Rather than hand someone your business card, you convert your contact information into a QR-code. Someone else captures that code off your phone onto their own, and the app itself then creates a contact in their address book. Otherwise, you'd have to somehow copy contact information (name, email, phone) individually into a single text document, then copy that text into a QR-generating program. The person scanning that code would then have to copy each field individually back into a new contact. What a hassle, when all you have to do is allow the QR-code reading app access to your address book. Now, if you don't want to use it that way, that's your choice, but it makes complete sense to many people.
  • dami
    Two points, one for the article and one for Cyprod.

    1) Why are users of Lookout Free and Premium "naturally" protected? That's like saying naturally Norton and Clamwin users are protected. Just because you have virus protection software does NOT automatically make you immune.

    2) Bar code scanning apps require address book info, because Quick Response Codes (QRC) can contain a company mailing address, email address, and phone numbers. Therefore, they need permission to write to your address book, to store that information.
  • JasonAkkerman
    QRC apps, and bar code scanning apps for shopping reasons are two different things.

  • @hellwig

    Two dudes on smartphones and not one of them knows how to transfer contact details (I guess electronic business cards never crossed their minds) via Bluetooth, but instead chooses to use QRC on a printed business card (oh god, don't tell me they're going to transfer the picture via Bluetooth, or worse still try and capture the QRC off the screen....)

    @dami

    I do not wish to add any marketing contacts to my addy book; I would only go as far as using QRC to get to a web page. The last time I thought "hey, I need to add this company's contact details to my personal address book ASAP" after seeing a QRC on one of their products was.... never