30+ Infected Apps Pulled From Android Market
Trailrunner7 writes "Researchers have identified a second large batch of apps in the Android Market that have been infected with the DroidDream malware, estimating that upwards of 30,000 users have downloaded at least one of the more than 30 infected apps. Google has removed the apps from the market. There are at least 34 applications that researchers have found in the Android Market in the last few days that had a version of the DroidDream malware dropped into them. Once a user installs one of the infected applications, the malicious component, which researchers have dubbed DroidDream Light, will kick in once the user receives an incoming call. The malware then gathers some identifying information from the phone, including its IMEI number, IMSI number, packages installed and other data, and then sends it off to a pre-configured remote server."
Re:Which ones? (Score:4, Interesting)
Heck with antivirus/antimalware software. That way of thinking means we end up with the arms race that the blackhats will win every time, and our CPU, RAM, and disk I/O will be collateral damage, just like it is in the Windows ecosystem. If we had to have standard AV software, phone makers would have to double the RAM and add an additional core just to handle the continual I/O of a scanning utility.
In reality, you want to go to a generic HIPS (host-based intrusion protection system) type of architecture that will stop attacks because of the method used, as opposed to definite file signatures. File signatures mean you have this dandy database which means jack squat because the 0-days change a couple bytes each version. For example, if malware uses a series of phone numbers, one blacklists that list instead of each executable hash, as there are far fewer phone numbers than changes to executables possible. Why is a HIPS based system better than real time signatures? HIPS systems only fire off when an action is done, and don't have to be actively running.
Even better would be to borrow from the Blackberry model, and if an app is about to use a service that is going to charge, prompt the user who/what/when/where/why/how/how much they will be billed for, and allow them to say "yes, don't bother me again", "yes", "no", or "hell no, this app can never do this".
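As an added illustration of the two ideas in the comment above (a method-based rule such as a blacklist of premium numbers, plus the Blackberry-style prompt with sticky "never/always" answers), here is a small policy mediator; it is example code written for this page, not anything from Android, Blackberry or the commenter, and the request fields, the blacklist contents and the prompt callback are all constructed assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Set, Tuple

class Decision(Enum):
    ALLOW = "yes"
    ALLOW_ALWAYS = "yes, don't bother me again"
    DENY = "no"
    DENY_ALWAYS = "hell no, this app can never do this"

@dataclass
class BillableRequest:
    app: str      # package name asking for the service (constructed)
    action: str   # e.g. "send_sms" or "dial"
    target: str   # number the app wants to reach
    cost: float   # estimated charge shown to the user

@dataclass
class Mediator:
    # Callback that asks the user; in a real system this is the UI prompt.
    prompt: Callable[[BillableRequest], Decision]
    # Method-based rule: known premium numbers are blocked for every app,
    # no matter how the executable is repacked (constructed sample list).
    blocked_numbers: Set[str] = field(default_factory=set)
    # Persistent per-(app, action) answers so the user is not re-prompted.
    sticky: Dict[Tuple[str, str], Decision] = field(default_factory=dict)
    log: List[Tuple[str, str, str, str]] = field(default_factory=list)

    def authorize(self, req: BillableRequest) -> bool:
        if req.target in self.blocked_numbers:
            self.log.append((req.app, req.action, req.target, "blocked-number"))
            return False
        key = (req.app, req.action)
        if key in self.sticky:  # no prompt; honour the stored answer
            allowed = self.sticky[key] is Decision.ALLOW_ALWAYS
            self.log.append((req.app, req.action, req.target, "sticky"))
            return allowed
        d = self.prompt(req)  # fires only when the action is attempted
        if d in (Decision.ALLOW_ALWAYS, Decision.DENY_ALWAYS):
            self.sticky[key] = d
        self.log.append((req.app, req.action, req.target, d.value))
        return d in (Decision.ALLOW, Decision.ALLOW_ALWAYS)

def scripted_prompt(answers: List[Decision]) -> Callable[[BillableRequest], Decision]:
    """Return a prompt that replays constructed user answers in order."""
    queue = list(answers)
    return lambda req: queue.pop(0)
```

The `scripted_prompt` helper stands in for a real dialog so the mediator can be exercised offline.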