Between 30,000 and 120,000 users of Android devices are believed to have been affected by new mobile malware which has its roots in an earlier scourge known as Droid Dream. This variant, called Droid Dream Light, appears to have been created by the same developers whose malware had infected over 50 applications back in March. According to Lookout Security, the new malware was found in over 25 mobile applications, all of which Google has since removed from the Android Market.
Droid Dream “Light”
Droid Dream Light is a stripped down version of the original DroidDream, says Lookout. Its malicious components are invoked upon the receipt of a “android.intent.action.PHONE_STATE intent” – for example, an incoming phone call. That means that this variant is not dependent on the manual launch of the malicious application in order to trigger it into action. Instead, explains Lookout via blog post:
The broadcast receiver immediately launches the <package>.lightdd.CoreService which contacts remote servers and supplies the IMEI, IMSI, Model, SDK Version and information about installed packages. It appears that the DDLight is also capable of downloading and prompting installation of new packages, though unlike its predecessors it is not capable of doing so without user intervention.
In other words, despite the malware’s designation of “Light,” in some ways it’s actually more malicious as it requires no user actions to take place in order for it to launch.
Lookout says it identified the malware thanks to a tip from a developer who notified them that modified versions of his app and another developers app were being distributed in the Android Market. The Lookout team then confirmed that there was malicious code in these apps and identified those as containing much of the same code as earlier DroidDream samples. Four different developer accounts were used to distribute the malware. The following apps were infected:
Magic Photo Studio
- Sexy Girls: Hot Japanese
- Sexy Legs
- HOT Girls 4
- Beauty Breasts
- Sex Sound
- Sex Sound: Japanese
- HOT Girls 1
- HOT Girls 3
- HOT Girls 2
Mango Studio
- Floating Image Free
- System Monitor
- Super StopWatch and Timer
- System Info Manager
E.T. Tean
- Call End Vibrate
BeeGoo
- Quick Photo Grid
- Delete Contacts
- Quick Uninstaller
- Contact Master
- Brightness Settings
- Volume Manager
- Super Photo Enhance
- Super Color Flashlight
- Paint Master
Lookout reminds users that to stay safe, they should install from trusted sources, check the developer name and reviews, check for the permissions the app is requesting, be aware of any unusual behavior on their phone and, of course, use a mobile security app like the one from Lookout.
Unfortunately, that last requirement is becoming all too much of a necessity on Android devices these days, especially since much of the malware mimics the naming formats, descriptions and even the code of other popular titles. Not only is this bad for the end user, it’s bad for developers, whose apps’ names are ripped off and used to distribute malware.
