NEWS FROM THE LAB - Tuesday, May 31, 2011

New DroidDream Variant Found on Android Phones Posted by Mikko @ 15:31 GMT

Android has become the main target for mobile malware.

Here's "Hot Girls 1", which was still yesterday available for download to your Android phone from Android Market:

hot girls 1

This application was originally harmless. However, a malicious developer called "Magic Photo Studio" downloaded the original application, modified it and re-uploaded it to Android Market.

As an end result, when installing "Hot Girls 1", you might notice that it requires suspicious rights, especially for an application which is just supposed to show you pictures of, well, hot girls:

hot girls 1     hot girls 1

The malicious developer has inserted code that triggers when the phone receives a call.

hot girls 1

The added code will connect to a server and send details about the infected handset to the malware authors. So we're talking about a mobile botnet.

Our Android security product F-Secure Mobile Security blocks this as a variant of the DroidDream trojan, with the detection name Trojan:Android/DroidDream.B.

Dozens of examples of infected applications have been found from Android Market, uploaded under such developer names as Magic Photo Studio, BeeGoo and Mango Studio. Google has now removed them from the Market.