Google's Android app store was the home for yet another malware program for a few weeks before its true nature was discovered. The malware is known as Android.Dropdialer and it was posted on Google Play, packaged under names such as Super Mario Bros and GTA 3 Moscow City, on June 24.
In a post on Symantec's blog, the software company said that Google's Android Security division quickly pulled the malware program from Google Play after being alerted to the issue by Symantec. By that time, the malware had been downloaded between 50,000 to 100,000 times.
Symantec speculates that the reason the malware wasn't discovered until a few weeks later was because it used an outside service to download the main package. The blog states:
In the case of Android.Dropdialer, the first stage was posted on Google Play. Once installed, it would download an additional package, hosted on Dropbox, called ‘Activator.apk’. This additional package sends SMS messages to a premium-rate number. An interesting feature of the secondary payload is that it prompts to uninstall itself after sending out the premium SMS messages—an obvious attempt at hiding the true intent of the malicious app.
This newest Google Play-Android malware discovery shows that people should be careful about downloading any program, even on authorized app download services.
Source: Symantec blog
22 Comments - Add comment