March 11, 2011

Security Alert: Fake Google Cleaner App On Alternative Markets

The Threat

Earlier this week, a rogue application was discovered in alternative Android app markets claiming to be Google’s Android Market Security Tool – the application that Google developed to clean up users’ phones that were infected by DroidDream. Google published the DroidDream cleaner application over the weekend as an additional security measure for those who were infected or suspected to be infected with the DroidDream malware discovered last week. The fake version of the Android Market Security Tool app appears to have been modified with malicious code and was only published in alternative app markets, potentially targeting Chinese users. At this point, it appears to have the capability to send SMS messages as well as the IMEI, install time, phone number and system version.

The rogue security tool packs the same payload identified by Aegis Lab in other repackaged applications on alternative markets. We have already deployed an over-the-air update that protects Lookout users from the fake Android Market Security Tool and other affected apps as well as the DroidDream malware.  If you are currently a Lookout user, you are already protected and do not need to take any additional action.

If you are concerned and think that you downloaded an application infected with DroidDream, download Lookout Labs’ DroidDream Cleaner app as an added assurance. It is currently available on the Android Market and will remove all instances of DroidDream, including remnants of the malware, and patch any remaining damage.

The growing trend of concealing malware in seemingly legitimate applications is another reminder to always use discretion when downloading applications. Pay close attention to the developer name and publisher of the application – only download applications from developers you trust or know. Always read the reviews and check the ratings. As an additional precaution, check out third-party review sites like PC World, Appolicious or CNET as well.

Who is affected?

This fake Android Market Security Tool does not appear to affect the majority of Android users.  Only people who downloaded an application called Android Market Security Tool from a Chinese third-party market may be affected.

One comment
  1. Vijay says:

    There are fake antivirus for PCs also. You get lots of nagging windows, all your programs are blocked etc. Malwarebytes’ Anti-Malware is used to remove fake security software.
