DroidDream rears its ugly head--again

Malware that attacked Android apps emerges again, infecting 25 more programs in Google’s app marketplace

Jason Meyers

June 2, 2011


A new version of the malware that infected Android apps in March has allegedly re-emerged, this time affecting 25 more apps in Android’s app marketplace.

The infection was revealed by mobile security firm Lookout, which dubbed this version of the malware DroidDreamLight and estimated that between 30,000 and 120,000 devices are already infected.

According to the firm, the malware was packaged in copies of legitimate apps and posted to Google’s Android Market by fraudulent developers.

Lookout posted in its blog about the discovery:

The Lookout Security Team identified the malware thanks to a tip from a developer who notified us that modified versions of his app and another developer’s app were being distributed in the Android Market. Our security team confirmed that there was malicious code grafted into these apps and identified markers associating this code with previously analyzed DroidDream samples. We discovered 24 additional apps repackaged and redistributed with the malicious payload across a total of 5 different developer accounts.

According to Lookout, DroidDreamLight can be activated with a phone call after an infected app is downloaded. The malware then sends identifying information from target phones to one of three remote servers, including the phone’s unique identifiers and information about what other programs are installed.
