Android Market Apps Hit With Malware

The inevitable has happened with the Android marketplace: Google pulled nearly two dozen apps Wednesday that were infected with malware capable of rooting devices and stealing data. The company is investigating dozens of others.


Users have downloaded as many as 200,000 of the free apps following their market appearance days ago. The apps ranged from games of chess to photo editors to those named “Super Sex Positions.” Google confirmed that they pulled the apps from the 2-year-old market early Wednesday.

“This is the first time there has been a widespread attack. This is the first time we’ve seen it in the real official Android marketplace,” Chris Wysopal, chief technology officer at Veracode, said in a telephone interview.
Wysopal, who said plenty of apps have been infected in overseas markets, added that it was inevitable that the Android app market would become home to malicious apps. He said the infected apps could insert software into a phone anonymously and make the phone click ads or send premium SMS messages.
There was no immediate evidence that any of the potential exploits actually happened.


Wysopal suggested that Google should begin vetting apps like Apple does for its platform.

“This was inevitable. The model has to be that the applications need to be vetted before they are available for download,” he said.

Google declined to address Wysopal’s statement on the record. But it provided its developers’ conditions agreement and a CNET story about the security of Android and Apple apps.

The Android attackers, meanwhile, downloaded legitimate applications and uploaded similar pirated versions back to the market with malware.

Dave Marcus, director of security research at McAfee Labs, said in an e-mail that “in terms of attacks and malware, it doesn’t get any worse than root access, which this malware has.”

Google is remotely removing the apps from Android devices. Security experts said phone owners who have downloaded the apps should wipe and “reset” their phones to their original state.
Here are some of the offending apps:

• Falling Down
• Super Guitar Solo
• Super History Eraser
• Photo Editor
• Super Ringtone Maker
• Super Sex Positions
• Hot Sexy Videos
• Chess
• Hilton Sex Sound
• Screaming Sexy Japanese Girls
• Falling Ball Dodge
• Scientific Calculator
• Dice Roller
• Advanced Currency Converter
• App Uninstaller
• Funny Paint
• Spider Man