NEWS FROM THE LAB - Thursday, July 12, 2012

"There's never just one cockroach in the kitchen." Posted by Sean @ 15:57 GMT

There's a reaction to yesterday's post which suggests we find fault with Google for "not doing their job" by letting malware into Play.


We didn't take Google to task on the matter of prevention. It's about its response.

It literally took less than 10 seconds for us to locate a second dummy account being used to push alternate versions of Dropdialer. Google's Android Security team had already removed the first two threats more than six hours earlier. Why was the "Vahtang Maliev" account still online?

Does "Android Security" not know how to utilize Google Search?

Here, let's find another example of Dropdialer:

[Image: Google Search: GTA 3]

Using "GTA 3", description, and site:play.google.com yields yet another hit with the sixth result.

(Which took us less than 30 seconds to discover.)

[Image: Google Search result: GTA 3]

And we're still able to pull the app's page out of Google Cache, meaning it was only recently deleted:

[Image: Vitaliy Orlov, GTA 3 Stone City]

This dummy account is for one Mr. "Vitaliy Orlov" and, as you can see from the image above, it used bait similar to that of the other two accounts: GTA 3, Super Mario, Angry Birds, and Cut the Rope.

Hmm. Cut the Rope? Yeah, we've seen that before: last December, repeatedly.

Guess Android Security didn't learn the lesson that "there's never just one cockroach in the kitchen."

When a new threat is identified — start searching for more.

Google's "Bouncer" is designed to prevent malware threats from getting into Play.

Now perhaps Google just needs to take Android security seriously enough to invest in "response" systems.

Seriously, given the massive firepower of Google's back end… once a threat is identified, it really shouldn't take more than six hours for Android Security to hunt down and terminate additional versions of the scam.

We expect better.