updated 10:20 pm EDT, Mon July 11, 2011
Android hit by DroidDream, Zitmo, HippoSMS malware
Android faced a slew of new, if mitigated, malware infections over the weekend. Antivirus software maker Lookout Security warned that a variant of DroidDream Light was briefly available in four apps on the legitimate market. Google had pulled the apps, but not before 1,000 to 5,000 people were infected, Lookout said.
The attack was significant because it was likely published by the same author who had been caught uploading malware earlier. Why Google hadn't taken action to prevent a resubmission isn't clear, though Google has historically had a consciously loose app screening policy to provide more liberties to developers.
Two instances of rogue code have been spotted outside of Google's own store. One, Zitmo, has been developed by a dedicated malware team, ZeuS. Fortinet found that the trojan variant poses as a banking app but forwards text messages to an outside server, where ZeuS can intercept private data.
Another, HippoSMS, was found by NC State University Assistant Professor Xuxian Jiang on third-party Chinese app stores. The code not only steers text messages to a toll number to rack up high bills but blocks text messages to and from Chinese service providers that would warn the user of excessive charges. Android antivirus makers have been contacted, but the only solution so far is to be cautious and monitor both the source and app permissions.
While the attacks have been relatively isolated, they come just after a recent Symantec study that showed a much higher vulnerability to hostile code in Android than in iOS. Apple's policies are sometimes criticized for being too restrictive but have also limited malware incidents to those who jailbroke their phones and disabled many of the protections. Among Symantec's findings was that Google wasn't adequately screening for suspicious apps, which was leading to malware that infected real, regular users before it was pulled. [via CNET]