Google has removed over 50 malicious apps from its Android Market and issued a security patch, after eventually admitting multiple malware attacks that compromised a number of Android-powered handsets last week.
According to the company, its Android team has also suspended the associated developer accounts and “remotely” deleted the infected apps from affected devices.
“This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications,” wrote Android security engineer Rich Cannings on the company’s official mobile blog.
Google believes the attackers were able to acquire only “device-specific” information – IMEI/IMSI, unique codes used to identify mobile devices, and the operating system version detail – but admitted other data could have been accessed.
The infected apps contain rootkit malware called DroidDream, which can take command of a mobile handset, send personal details to a remote server, download and execute new code.
To prevent further exploit, Google has been installing a security update dubbed ‘Android Market Security Tool March 2011’ to all affected devices.
Users who downloaded a malicious app will receive an email from android-market-support@google.com, followed by a notification that the app has been “automatically” removed.
The infected apps were said to have seen 50,000 to 200,000 downloads in four days. However, the company has announced the DroidDream malware could not affect Android versions 2.2.2 or higher.
Meanwhile, the malware incident has raised even more concerns over security issues facing the Android platform, including the one-time £15 entry fee that Google charges Android app developers.
“The entry barrier could definitely be made a bit higher, as it would make the creation of fake developer accounts more expensive,” said Vanja Svajcer, principal virus researcher at Sophos, explaining that the higher fee would prevent the attack pattern from “becoming a daily event”.
Svajcer also pointed out that the rate at which new Android malware is appearing is on the rise.
“The openness of the platform as well as the availability of alternative application markets makes Android-based devices more difficult to secure,” he added.
Following the malware attacks, the tech giant said it is adding a number of measures to sweep malicious applications from its Android Market, while providing fixes for the underlying security issues.
SoftBank-owned UK chip design firm ARM Holdings to develop AI accelerator chips for data centres…
Aggressive hackers behind hacks on Las Vegas MGM and Caesars casinos launch new campaign as…
Lawyer for Australia's eSafety Commissioner says X wants to overrule government on what are 'reasonable'…
EV maker Zeekr, controlled by car giant Geely, valued at nearly $7bn as investors heartened…
Elon Musk says Tesla to spend more than $500m on charger network expansion this year,…
San Francisco judge says social media platforms such as X have no right to arbitrarily…