At Least 50 Android Apps Infected With “DroidDream” MalwareMon 07 Mar, 2011 // Chris Allan
It has been reported that over 50 applications on Google's Android Market have been infected with malware called "DroidDream". The rootkit malware is capable of accessing the personal data of the user by taking over the user's device.
The applications have been identified and excluded from the Market store. However, it gives rise to a new wave of concern surrounding smartphone vulnerability, which is highlighted by the low level of investment required to become an application publisher with Android. The $25 entry fee to publish your application allows malware writers and spammers to create new developers’ accounts with relatively little expense.
According to Ina Fried of AllThingsDigital, the threat of mobile malware is moving from “the realm of the theoretical to the actual.” The smartphone and wireless device commentator spoke of the increasing complexity and immediacy of the latest malware infiltration. Fried said:
The latest attack, known as “Droid Dream,” managed to take it a step further and resulted in infected apps making their way into Google’s official Android Market… Although Google managed to expunge the 50 or so affected apps within minutes of learning of their presence in the store, the fact they made it that far indicates the game is changing.
The malware is believed to have affected circa 200,000 users, and was first discovered by a Reddit user, whose vigilance paid off when he noticed the app developer of one of the corrupted apps was also posting pirate versions of other legitimate applications elsewhere on the net.
With the growing proliferation and complexity of mobile phone technology, it is becoming increasingly attractive for hackers and spammers. The almost comprehensive nature of smartphones today, with which one can perform most of the major tasks previously associated solely with the PC, has made it far easier and logical for cyber criminals to focus their attention on the new mobile market.
As such, mobile security software has become a hot topic, with many commentators referring to the “open” platform of Android software - as opposed to the “closed” Apple equivalent – as a key issue in any Android vulnerability discourse.
In addition to the “openness” of the Android application platform, the availability of alternative app developments has also been pin-pointed as a possible flaw in the system, allowing malware writers a greater level of access
“We have been pleased to work with commissum who have provided us with services to address our Security Assurance requirements. commissum met our demands, as an organisation operating within the Legal Services sector, with the highest level of integrity, commitment and excellent level of service. We would have no hesitation in recommending commissum.”
Mr Kenneth P, IT Manager, National Legal Services
"commissum recently provided us with services to assess a web application and supporting infrastructure. I was impressed with the consultants throughout the project, by their technical knowledge, flexibility, open communication and willingness to go that extra mile. Of particular benefit was the sound advice given both during and after the engagement. By identifying vulnerabilities promptly, accompanied with practical recommendations on how to address them. We were able to implement improvements quickly. Good value, a job well done.”
JM, Infosec Analyst, International Investment Bank
"We engaged with commissum for the first time this year and found them highly professional and a pleasure to do business with. We were particularly pleased with the report provided which was of excellent quality, with an appropriate level of detail and clarity in its recommendations. I would happily refer others to commissum.”
Mr Billy K, IT Director, National Law Firm
"We are extremely pleased with the work carried out by the commissum team. All of the commissum staff were a pleasure to work with and maintained a high level of professionalism at all times. They were able to provide us with sound advice and guidance to make sure that we got the best value for money from our test and provided excellent communication and recommendations before, during and after the tests. I would strongly recommend commissum to other companies that are looking for peace of mind in relation to their IT security and I can say that we will use commissum again for future testing.”
Chris S, IT Officer - UK Housing Association
"commissum understood exactly what we needed and delivered excellent service on time, and on budget. Why can't all companies be like them!"
Mr Duncan M, Information Security Manager - National Building Society
Get in touch with one of our security consultants today
- No obligation
- Expert advice
- Tailored solutions
"commissum was particularly responsive and the project was well managed under demanding conditions. I was very happy with the technical standard. Very good value for money as well”
Mr Kenneth Y, Head of IT Risk & Compliance, International Retail Bank
"I was very pleased with the work delivered by commissum from start to finish. The quality of reporting was excellent and the consultants very helpful with clear communication throughout the engagement. I would happily recommend commissum to others.”
Ms Louisa L, IT Manager, National Building Society
"commissum provided us with a high quality service. We found the project team helpful and flexible in responding to changes in requirement; the technical staff in particular were excellent. All commitments including deliverable timescales were met and I would have no hesitation in recommending commissum.”
Mr A Moretti, Executive Director for IT Security Risk Management, Global Investment Bank
"From the start the project went very smoothly despite the short notice. commissum maintained excellent communication throughout ........ their flexibility and responsiveness right up to the end of the project was of great value to us.”
Mr Keith H, Senior Business Manager - UK Local Government