Google yanks new wave of malware-infected apps from Android Market

Google (NASDAQ:GOOG) removed another series of malware-infected applications from its Android Market storefront after a North Carolina State University professor alerted the company to the threat. NCSU assistant professor in computer science Xuxian Jiang identified the stealth Android spyware, dubbed Plankton, in at least 10 different Android Market apps from three different developers. All of the infected apps were marketed as add-ons or cheats for Rovio Mobile's wildly popular mobile game Angry Birds. None of the apps delivered gameplay functionality, however; they served solely as delivery vehicles for the Plankton spyware, which collects information including the device ID as well as granted permissions and transmits the data to a remote server via an HTTP POST message.

"This spyware does not attempt to root Android phones but instead is designed to be stealthy by running the payload under the radar," Jiang writes on his blog. "In fact, Plankton is the first one that we are aware of that exploits Dalvik class loading capability to stay stealthy and dynamically extend its own functionality... Its stealthy design also explains why some earlier variants have been there for more than two months without being detected by current mobile anti-virus software."

Although Android's open-source ethos is credited as a primary catalyst behind the operating system's enormous growth, malware threats underline the challenges inherent in maintaining an open mobile ecosystem. In March, Google pulled more than 50 free applications said to contain the DroidDream malware, which seeks to gain root access to the user's device, collecting a range of available data and downloading more malicious code to the smartphone without the consumer's knowledge or consent. Late last month, Google deleted an additional 34 apps containing the so-called "Droid Dream Light," a stripped-down version of the original DroidDream virus.

Earlier this month, Jiang alerted Google to "DroidKungFu," another DroidDream variant found in unauthorized Chinese app stores. Two days later, the researcher uncovered YZHCSMS, a Trojan horse that racks up charges by sending hidden text messages to premium numbers. According to Jiang, YZHCSMS apps were available on Android Market for at least three months before Google eradicated them.
