Google has taken action to delete more than a dozen cloned applications hosted on its Android Market after they were found to be malicious, racking up expensive text messaging charges on owners' smartphones.
A developer created cloned copies of about a dozen popular gaming apps, including Angry Birds, Cut the Rope and Assassin’s Creed Revelations, according to a blog post published Monday by U.K.-based security vendor Sophos. The malicious Android apps were uploaded Sunday and were taken down by Google Android Market staff early Monday.
“Google's reaction has been quick, but not quick enough -- at least ten thousand users downloaded one of the malicious apps from the list,” wrote Vanja Svajcer, a principal virus researcher in the SophosLabs Naked Security Blog.
Users who installed the cloned games were warned that the application had access to the device’s SMS text messaging capabilities. The application developer also disclosed via the terms of service that users would receive premium text messaging charges.
Experts have been warning about the rise in malicious mobile applications that take advantage of device services to steal data, secretly send premium-rate text messages or carry out other nefarious activities. Roger Thompson, emerging threats researcher at Verizon’s security testing division, ICSA Labs, said it’s very likely that more applications will attempt to tap into device processes to gain access to the sensitive data of smartphone owners.
“We’ve already seen it done in the Android Market and we’re bound to see it happen on other platforms,” Thompson said in an interview with SearchSecurity.com. “This is the method mobile attackers are likely to take.”
Rather than traditional desktop malware, “Trojanized” applications could initially cause trouble for individual owners and ultimately be a problem for enterprises, Thompson said. Attackers could steal account credentials and use them against corporate networks, or they could tap into freely available information – data found on Facebook and other social networks – to conduct targeted social engineering attacks against employees, he said.
In March, Google removed more than 50 applications that contained a hidden Trojan called DroidDream. The search engine giant said it was building more safeguards into its Android Market to prevent hidden malware in applications. A second variant of DroidDream surfaced in July, infecting up to 5,000 people who downloaded the malicious applications. DroidDream gives cybercriminals the ability to break out of Android’s built-in application security sandbox feature.