HOME | About

Tuesday, June 21, 2011

Threat: DDLight Virus Infected 50 Android Market Apps

NoQR: Threat: DDLight Virus Infected 50 Android Market Apps
Approximately 50 applications at Android Market have been found to contain malware that can compromise personal data. This Android virus liked threat likely created by the same programmer who brought DroidDream to market before. The threat is a stripped down version of DroidDream security which researchers are calling Droid Dream Light (DDLight).

On previous attacks, more than 120,000 users are believed to have been affected by DroidDreamLight (DDLight) malware. The malware acts in a way to transmit personal information data to the threat developer. Known about this, Google quickly removed all infected applications from Android Market. The discovered codes on DDLight indicates that malware activities can be triggered by a phone call.

Mobile security firm named Lookout Security Team has identified that the malware modifies Android applications and then redistribute the modified versions of those apps back into the Android Market.

Lookout Security on DDLight Virus Infected 50 Apps

The firm explores how the malware works. They'd found that malicious components of DroidDream Light are invoked on receipt of an android.intent.action.PHONE_STATE intent (eg. incoming voice call). DroidDream Light is not, therefore, dependent on manual launch of the installed application to trigger its behavior. The broadcast receiver immediately launches the <package>.lightdd.CoreService command which contacts remote servers and supplies the IMEI, IMSI, Model, SDK Version and information about installed packages. It appears that the DDLight is also capable to download and prompting installation of new packages, though unlike its predecessors it is not capable of doing so without user intervention, they said.

Lookout Security Team then suggested the following actions to prevent infection from any malware:
1) Only download apps from trusted sources, such as reputable
    application provider. Take a close look to the developer.
2) Always check the permissions (i.e. from Android Market) of
    an application. Ensure that the permissions an application
    requests match with features the app provides.
3) Be alert for unusual behavior on your phone. This behavior
    could be a sign that your phone is infected. Such behavior
    in example are; unusual SMS or network activity.
4) Download a mobile security app for your phone that scans
    every app you download to ensure it’s safe. (Lookout Blog)

The latest threat (2011, June) was analyzed by Eset Antivirus Firm security. Analysts team indicated that the malware author are currently developing a new variant of DDLight. DDLight attack on Android applications is reported to have infected more than 50 apps in Android market.

Eset Security Antivirus App on DDLight Virus Infected

According to Eset security firm, their analysts was considered that this DDLight is a light version of the previous DDLight version. But in fact, the malware capable in resulting a higher damage, mainly due to malicious apps does not require human role or user interaction in performing manual start up of an application. So the nested malware could work along with the app.

Eset said that DroidDreamLight will then install the additional applications into the device. Then, the malicious apps will be integrated to be able to conducts cyber criminal activities, such as data theft. The security situation within mobile communications device is currently still open without adequate safety systems. This should be wary, given that the perpetrators of cybercrime are always developing threats to carry out more attacks.

If the perpetrators have begun focusing on mobile devices with an OS that had been attacked, then at the time mobile malware and phishing will reach epidemic levels, Eset added, in his statement on Tuesday (21/06/2011).

Permalink:  Threat: DDLight Virus Infected 50 Androi Market Apps

Permalink: Threat: DDLight Virus Infected 50 Android Market Apps


Post a Comment

W3 Directory - the World Wide Web Directory
W3 Annuaire
Blog Top Liste - by TopBlogs.de
Tout sur le Web