.
.
_________________________________________________________________________ .
Android Malware DreamDroid Dubbed a Nightmare
Android apps have fallen prey to a malware that steals user data and more once installed on an Android phone.
March 3, 2011
BY: KELSEY WAANANEN
ANCHOR: ANA COMPAIN-ROMERO
You're watching multisource tech video news analysis from Newsy.
“The virus is capable of the following : it can place a phone call, read and keep your text messages, send and delete them also, put all of your contact information and send it to a remote server, and also silently download files.”
(Android Trek)
It’s called the Gemini Trojan, unleashed last December. Now, more than 50,000 Android users have been introduced to its bigger, badder successor. They’ve all been hacked by the newest Android malware -- deemed DreamDroid -- present in more than 50 apps on the Android Market. Google recently pulled those apps and one of their publishers off the market -- but the damage has already been done.
DreamDroid works to get user information about the phone, such as make, model and user ID. However, Mashable notes, the real danger comes later -- and that’s what makes this hack significant.
“...you can’t be sure that your device and user information is truly secure. Considering how much we do on our phones -- shopping and mobile banking included ... it might be best to take your device to your carrier and exchange it for a new one...”
A publisher by the name of Myournet repackaged popular apps with the malware, and slightly changed their names, and then submitted them to the Android Market. The list includes apps with names like “photo editor,” "scientific calculator,” and “chess.” But Android Police points out, hacking the user info isn’t the worst this malware can do.
“... the true pièce de résistance is that it has the ability to download more code. In other words, there’s no way to know what the app does after it’s installed, and the possibilities are nearly endless. ... this is the ultimate Android Trojan to date...”
But a blogger for CSO Online is not impressed by the DreamDroid malware itself, but more the impact it will have on the market.
“... there's nothing particularly remarkable here. Not to me, anyway. Smarter people may see it differently. But it is one more example of how the mobile threat has really shifted from an abstract concept to reality.”
BetaNews agrees and notes this has exposed faults with Google’s model.
“Whereas Apple individually inspects every app that is submitted for inclusion in the App Store, Google allows for a developer to publish apps freely to the Android Market once they have been registered. Google does from time to time comb through apps to ensure they meet guidelines, but this is done after it has already been live within the Android Market.”
Apps carrying the malware were present on the Android Market for 4 days before they were removed. AndroidCentral says the problem has already been fixed -- but only in the newest update.
“Starting with 2.2.2, AOSP has been fixed to halt this exploit, and with Gingerbread it no longer works at all.”
Finally, Techworld details what this means for current technology -- and cautions Google to take these threats more seriously.
“ … And Google? It needs to wake up from its focus on software and features and remember the lesson of Windows, the last major software platform to let itself get overrun with malevolent apps.”
Many sites echo Mashable’s sentiments-- the best way to make sure your information is secure is to completely wipe your Android device.
__________________________________________________________________________ __________________________________________________________________________
Reciprocal links:
http://HermannHearsay.blogspot.com/(Hermann Area News, Commentary & Discussion)
No comments:
Post a Comment