Malware authors continue to target Google’s Android market with malicious apps disguised as legitimate software.
The latest incident?
A developer known as “Logastrod” coded trojanized copies of popular games and uploaded them to the Market over the weekend.
“The attacker created at least a dozen copies of the most popular games and published them as a free version after adding code to send SMS messages to premium line numbers,” explained Sophos security expert Vanja Svajcer.
“The malicious apps were published to the market early in the morning yesterday in Pacific time, most probably to allow the attacker for more time before the applications are removed by the Google security team.”
The list of infected games included:
– Cut the Rope FREE
– NEED FOR SPEED Shift FREE
– Assassin’s Creed Revelations
– Where’s My Water? FREE
– Riptide GP FREE
– Great Little War Game FREE
– World of Goo FREE
– Angry Birds FREE
– Shoot The Birds FREE
– Talking Tom Cat 2 Free
– Bag It! FREE
– Talking Larry the Bird Free
As expected, the trojanized apps were quickly downed by the Android Market security team, but not before appeoximately ten thousand users downloaded one of the malicious apps from the list.
According to Svajcer, abusing premium SMS services is one of the most typical models for malicious mobile malware. To be sure, when such an app is installed, it begins clandestinely sending or receiving messages – accruing expensive charges for the hapless user that are difficult to dispute after the fact.
“We have already stated several times that the requirements for becoming an Android developer that can publish apps to the Android market are far too relaxed.
“The cost of becoming a developer and being banned by Google is much lower than the money that can be earned by publishing malicious apps. The attacks on Android Market will continue as long as the developer requirements stay too relaxed,” Svajcer added.