Lookout Mobile Security has deciphered the DroidDream malware that managed to infect numerous apps on the Android Market. Google has taken action to deal with DroidDream, but the risk of infection is still there given the wide diversity of the Android ecosystem.

A close look at the malware &8212' which was found in 58 now-deleted apps on the Android Market &8212' shows that criminal hackers are coming up with more ways to attack mobile devices. Users had better be more careful and install protections for their phones or they may risk running into the same kind of cyber attacks that are prevalent on the PC. And mobile companies had better beef up their security or face rising liability risks as the cybercriminals attack.

Lookout, which produces a mobile security app, says that the DroidDream malware is a powerful &''zombie agent&'' which can install any applications silently and execute code with root privileges (basically do anything on a phone) at will. Lookout says DroidDream is the first piece of Android malware that uses an exploit, or known vulnerability, to gain access to the phone&'s system code. It can take substantial control of a phone and it generally operates while the user is likely to be sleeping: from 11 pm to 8 am. That means the malware is cleverly written so that the user won&'t notice something strange with the phone.

&''Wea4ôve concluded that its purpose is to download additional applications and install them silently as system applications on the device,&'' Lookout said. &''The first phase of the malware served to gain root access on the device while the second phase predominantly serves to maintain a connection to the server to download and install other files.&''

Once in place, the malware sends the following information to its server: product identification, the partner who makes the phone, IMSI (a unique identification associated with a user), IMEI (a unique identification associated with a mobile phone), the model and software version, and the user identification (though this is evidently not fully implemented on the malware).

Google patched the two vulnerabilities (exploid and rageagainstthecage) used by DroidDream with the Android version 2.3 (code-named Gingerbread). But not everyone has the updated software on their phones. The DroidDream software uses those vulnerabilities to break out of the security container within the Android operating system. That allows it to then install a second application on the device. Once that app is installed, the malware can send sensitive information (mentioned above) to a remote server. It can also download other apps onto the infected device.

Google said on Saturday that it will attempt to &''remote kill&'' the infected apps on users&' phones from afar. It has also deleted all infected apps from the Android Market. But it can only communicate the need to do that to carriers that have their own alternative Android marketplaces. Lookout says its own free security software will be able to detect and delete DroidDream on a user&'s phone. Lookout also says that users should not perform a &''factory reset&'' in hopes of wiping the DroidDream off the phone.

Next Story: Samplify raises $11.2M round for analog chips that can cut electronics costs Previous Story: Google launches counterattack on malware with fixes and &''remote kill&''

Print Email Twitter Facebook Google Buzz LinkedIn Digg StumbleUpon Reddit Delicious Google More&8230'

Tags: DroidDream, malware

Companies: Google, Lookout Mobile Security

Tags: DroidDream, malware

Companies: Google, Lookout Mobile Security

Dean is lead writer for GamesBeat at VentureBeat. He covers video games, security, chips and a variety of other subjects. Dean previously worked at the San Jose Mercury News, the Wall Street Journal, the Red Herring, the Los Angeles Times, the Orange County Register and the Dallas Times Herald. He is the author of two books, Opening the Xbox and the Xbox 360 Uncloaked. Follow him on Twitter at @deantak, and follow VentureBeat on Twitter at @venturebeat.

Have news to share Launching a startup Email: tips@venturebeat.com

VentureBeat has new weekly email newsletters. Stay on top of the news, and don't miss a beat.


Discuss   Add this link to...  Bury

Comments Who Voted Related Links