Feeds

Google vanishes 'DroidDream' malware from citizen phones

Android 'kill switch' flipped

Top 5 reasons to deploy VMware with Tegile

Google has acknowledged that it removed "a number" of malicious malware applications from the Android Market on March 1, and it has now reached out over the airwaves to remove the apps from end users devices as well.

Last week, reports indicated that more than 50 Android apps had been loaded with info-pilfering software known as DroidDream. Google immediately responded by pulling the apps from the Market, but the company remained silent on the matter until tossing up a blog post on Saturday evening.

According to Google, the malware exploited known vulnerabilities that had been patched in Android versions 2.2.2 and higher. Google "believes" the attacker or attackers was only able to gather device-specific information, including unique used to identify mobile devices and the version of Android running on the device. But the company added that attackers could have accessed other data.

In addition to removing the apps from the Android Market, Google suspended the accounts of the developers involved and contacted law enforcement about the attack, and as it did on one previous occasion, the company used the "kill switch" that lets it remotely remove mobile apps that have already been installed by end users.

Google maintains a persistent connection to Android phones that let the company not only remotely remove applications from devices but remotely install them as well. The remote install tool is used when Android owners purchase apps via the new web incarnation of the Android Market. The Android Market Web Store lets you browse and purchase applications via a browser, as opposed to Android client loaded on handsets.

Apple maintains its own "kill switch" for the iPhone. In 2008, an iPhone hacker told the world that Apple had added an app kill switch to the iPhone, and Steve Jobs later confirmed its existence. "Hopefully, we never have to pull that lever," Jobs said, "but we would be irresponsible not to have a lever like that to pull."

On Saturday, Google also said that it is pushing a security update to all Android devices affected by the malware in question. If your device was affected, the company said, you will receive an email from android-market-support@google.com, and you'll get a notification on your phone that a package called “Android Market Security Tool March 2011” has been installed. You may also receive a notification that the offending apps have been removed.

The company is taking additional measures to stop such attacks in the future, but it did not provide specifics. "We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues," the blog post read. ®

Internet Security Threat Report 2014

More from The Register

next story
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Home Depot ignored staff warnings of security fail laundry list
'Just use cash', former security staffer warns friends
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.