[the_sleuth]

People complain about how long it takes for new app to be approved by RIM for Appworld
but its better than downloading a trojan on your phone:

Data-stealing malware hits Android Market
updated 8/22/2011 4:45:28 PM ET

More bad news for Android smartphone owners � a new variant of a scary data-harvesting Trojan has been found in Google's official Android app market.

"App Installer" is marketed as an app designed to help users manage their .APK files, but in reality it harbors a variant of DroidDreamLight, a Trojan that steals victims' sensitive phone data and downloads malicious code to infected smartphones from remote servers, the security firm Trend Micro reported.

(DroidDreamLight, discovered hiding inside 24 Android apps back in May, is itself a variant of DroidDream, which hit the Trojan scene in March and was found lurking in more than 50 apps in the official Android market.)

[Safeguard Your Android Smartphone Before It's Stolen]

Once a user downloads the rogue App Installer, it initiates a service called AppUseService that sends the phone's identification data to a remote server every time the phone makes or receives a call.

Google has removed App Installer from the Android app market, Trend Micro wrote, but not before it was downloaded 50 to 100 times.

Even without DroidDream and its descendants, there are still, unfortunately, plenty for nasty Android threats for owners to worry about.

Earlier this month, researchers found an Android Trojan called "Androidos_Nickispy," which can intercept text messages, call logs and GPS locations from infected phones and even answer incoming calls.

Every Trojan needs an attractive host, and Androidos_Nickispy found a great one; it masked itself as a legitimate app from the popular new social networking service Google+.

There's now a market for people looking to make money off this phone-monitoring malware. Trend Micro found a Chinese website that sells back-end access to a server where, for between 2,000 and 6,000 Chinese yuan (about $300 to $940), they can retrieve emails, calls and texts from a target phone.

Trend Micro wrote that the service only allows customers to spy on phones running Symbian or Windows Mobile software, but "We won't be surprised, however, if they soon offer this to those who want to target Android users, especially since spying applications such as Nickiskpy are already being actively distributed on the Web."

To protect yourself from these and other threats, make sure you run anti-virus software on your smartphone. A list of options can be found here.

Data-stealing malware hits Android Market - Technology & science - Security - msnbc.com

[Rootbrian]

Not related to blackberry.

Posted from my CrackBerry at wapforums.crackberry.com

[Jake Storm]

Not related to blackberry.

Posted from my CrackBerry at wapforums.crackberry.com

Actually it is.
This is the reason many people will stick with their BlackBerry and not switch to an Android based phone. Nice try though.

[Rootbrian]

Actually it is.
This is the reason many people will stick with their BlackBerry and not switch to an Android based phone. Nice try though.

Well, I wasn't trying to derail it. It's likely one dark side developer wanting to have control over a mobile botnet for his own purposes.

Posted from my CrackBerry at wapforums.crackberry.com

[qbnkelt]

This is not news.....in the sense that there is always some type of news like this, seemingly on a monthly basis.

[mjs416]

Another android malware tragedy. Hopefully people catch on with this type of crap.

[Rickroller]

Yawn...

Did this thing even make it a full day on the market? 50-100 downloads before being yanked? Out of how many millions of Android users? Lol..I encounter more viruses at my local Walmart..

[TheScionicMan]

But what other app markets is it floating around in? Along with the other 50+ that were only removed from Google's App Market?

[Rickroller]

But what other app markets is it floating around in? Along with the other 50+ that were only removed from Google's App Market?

Well if your downloading stuff outside the official App market..then its buyer beware. Android is open source ..so of course its going to be subject to much more attempts at debauchery..that's why a user has to be smart..and pay attention to peer/user reviews..and not just install ****e that isn't proven.

Tinfoil hats also help to ward off the bad guys..

[TheScionicMan]

Well if your downloading stuff outside the official App market..then its buyer beware. Android is open source ..so of course its going to be subject to much more attempts at debauchery..that's why a user has to be smart..and pay attention to peer/user reviews..and not just install ****e that isn't proven.

Tinfoil hats also help to ward off the bad guys..

When half of the malware has been hidden and repackaged in popular apps, how is a review going to help you?

I agree its Buyer Beware, its just that there's a LOT more to beware on the Android platform.

Hiding ones head in the sand is a good way to not worry, but doesn't provide much actual protection.

[Rickroller]

Who says these apps are even popular? You're assuming that malware is already in existing popular software that everyone is downloading..like angry birds or something. Its not..its being packaged into new apps that they try to sneak on the market..and while many make it on..they don't seem to be on for very long until someone catches wind and Google yanks them..

[TheScionicMan]

With Google, anybody can upload an app to any site – and there is where much mischief arises. A huge trending problem is with cyber criminals taking a legitimate app and “repackaging it,” as the cyber security experts put it. What that means is that malware is injected into an otherwise legitimate app and it is very easy even for savvy users to fall victim.

Forecasting a Tidal Wave of Android Fraud

[Rickroller]

Sounds scary..but so does the boogey-man. If / when my phone ever gets cyber jacked..then I suppose I'll deal with it. Until then ..I'll personally be enjoying my phone for what it is..and all the good and bad that comes with it.

But for every problem that arises..there will always be solutions. Its no different than all the worries about computer viruses and whatnot in the 90's. And to the best of my knowledge computers haven't ceased to exist yet nor has "cybertheft" become a huge plague upon society. Its there..but I don't see mass hysteria about it. People protect themselves and their computers..and continue functioning along with there everyday lives.

[Tre Lawrence]

An app that manages apks? That should be a red flag in and of itself.

Plus, I still believe peer review is a powerful tool.

[TheScionicMan]

I never said people should pull their batteries and toss the phones out the window, but you saying there's nothing to see here, move along doesn't help anyone. It's not 50-100 people, it's in the millions, and yes, I'm sure you won't care until if/when you get compromised but there's really no reason why this information shouldn't be shared here. It's not someone baselessly slandering Android, there's no need to be so defensive...

[TgeekB]

Better not use a computer then because it's thousands of times worse on them. Be smart as with as with every form of modern technology.

[Tre Lawrence]

Better not use a computer then because it's thousands of times worse on them. Be smart as with as with every form of modern technology.

Exactly. The biggest threat to any platform is the user him/herself.

[Slingbox]

Better not use a computer then because it's thousands of times worse on them. Be smart as with as with every form of modern technology.

Exactly. The biggest threat to any platform is the user him/herself.

+1




10char

[TheScionicMan]

Be smart as with as with every form of modern technology.

And a good way to be smart is to stay informed, but whenever this type of information gets posted in this sub-forum, there's a certain bunch of people who act like its blown out of proportion or for whatever reason get all defensive of Android. Looking back at this thread, it wasn't posted with any over-the-top histrionics. It's odd that so much opposition was...

[Tre Lawrence]

Opposition? Where? Who is opposing what you say? We all enjoy the PSA that was posted, which, no doubt, was to inform us of the issues at hand.

[the_sleuth]

Joe Friday, "Just the facts ma'am"

McAfee: Threats Report Q2 2011:

McAfee: Android malware surges 76%, iPhone untouched | Electronista


I think this is bad for all smartphones. With NFC, thieves/hackers/con artists will be after your phones.

Android App Player might make QNX phones vunerable.

Users must remain vigilant

[ILUMINATIUNDEAD]

That's why I'll just stick to the apps that have been downloaded thousands of times.. the safe ones. look out for the suspicious ones!

[lssanjose]

Exactly. The biggest threat to any platform is the user him/herself.

PEBCAK defined so clearly

[Rickroller]

It's odd that so much opposition was...

Don't confuse opposition with lack of caring. I know all you (not you specifically) BB users spout security as a main reason for sticking with RIM..but most of us here aren't going to be swayed by these "scare tactics". An antivirus software company telling me virus's are going to get me? Oooohhh...it's like a pharmaceutical company telling me I NEED to take their drugs..

Until the day comes when someone hacks my phone..accesses my bank account..and transfer's my billion dollars in savings to some swiss bank account..THEN i'll be concerned about that "bogey man" hiding under my bed..But if it hasn't happened on my computer yet..I'm really not too worried about it.

[TgeekB]

There is nothing wrong with being informed about potential threats. That's just plain smart. But that does not mean a certain platform is not safe. It used to be the same thing between Windows and Mac. All the hackers went after Windows computers because 95% of people used them. They are still in business. Android has become very popular and thus a big target for people who have nothing better to do than steal and harass. Be smart and you will be OK. Android will survive.