More Android Smartphone Malware Found, Removed from Marketplace

« Firefox Users Not Safe from Scareware | Main | Firefox 5 Released by Mozilla Foundation »


More Android Smartphone Malware Found, Removed from Marketplace

Kevin R. Smith

Kaspersky, makers of Kaspersky Antivirus just posted a lengthy piece on  new Android Malware called the "Plankton Trojan".

Originally discovered by Xuxian Jian (Assistant Professor and his research team at the Department of Computer Science, NC State University), his report on the Android malware disconcertingly begins,
This spyware does not attempt to root Android phones but instead is designed to be stealthy by running the payload under the radar.

"In fact, Plankton is the first one that we are aware of that exploits Dalvik class loading capability to stay stealthy and dynamically extend its own functionality.

"Our investigation indicates that there are at least 10 infected Android apps in the Official Android Market from three different developers.

"Its stealthy design also explains why some earlier variants have been there for more than 2 months....

What does this mean?

For starters, it means that the bad guys have found a way to get onto your Android without requiring "root" access, which means that it's able to evade detection and avoid tripping the warning screens and whatnot that you'd expect to see.

The report details how this application silently hooks into the phone, downloads in the background more things it needs to run, and uploads information about your account to computers the bad guys control.

Kasperksy's analysis revealed,
...the virus does not provide root exploits, but supports a number of bot-related commands.

"One interesting function is that the virus can be used collect information on users’ accounts.
What exactly the bad guys are doing with the botnet either isn't yet clear or isn't yet being revealed by Professor Jiang or Kaspersky. And for that matter what they're doing with the users' data isn't clear/revealed either.

This may be a case where they're just trying to test the waters and see what kind of flags they raise and what kind of information they can glean from users.

Regardless, it's definitely cause for some concern amongst users and antivirus researchers alike, as it will require the AV companies to rethink some of their strategies in protecting phones.

What's Google Doing about it?

According to the piece by Kaspersky,
Google has historically taken a hands-off approach to policing the Android Marketplace.

"It will suspend and remove suspicious or malicious applications when they're reported, but does not vet applications prior to posting them, as Apple does with its AppStore.

"A growing population of Android users and burgeoning Android Marketplace, however, may challenge that approach.


You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.