Google issues remote kill for DroidDream malware
Google remotely eradicated DroidDream, malware that could turn infected Android smart phones into a mobile botnet.
- By Dan Rowinski
- Mar 07, 2011
Google took steps late last week to rid the Android Market of malware. The Android Market is the application through which Android users purchase and download new applications for their smart phones.
Google last week discovered a malicious package of applications dubbed DroidDream. The applications, more than 50 of them, had access to device-specific information, including a phone’s user and product IDs.
In a post to its official Android blog, Google said it had removed the offending applications from the Android Market and had activated a remote “kill switch” to wipe the apps from users’ phones. Although the malware suite had not made the jump to exploiting personal data for identity theft, it would have been an easy road to travel if the applications were left unchecked.
DroidDream was set to function at night (11 p.m. to 8 a.m.), when users were more likely to be asleep, and it sent information back to a command-and-control server that would give it further instructions, according to ReadWriteWeb.
Unlike Apple with its application store, Google does not pre-screen applications for the Android Market. That makes Android more susceptible to malware that could control device actions while a user was unaware. DroidDream also had code written into it that could access Android Market settings to download applications or post favorable ratings on other malware-stricken applications to increase the likelihood those apps would be downloaded.
Essentially, DroidDream was trying to create a botnet composed of Android phones. Lookout, a computer security firm, posted a detailed breakdown of what the DroidDream malware did when downloaded to an Android device. The actions included downloading a follow-up application that would prevent users from deleting the application.
The ability to download extra applications or extra code that could lie dormant on a device had the potential to be very lucrative for hackers: stealing personal information, downloading paid applications from the Market, and sending messages to premium text services or making phone calls, among others.
Previously, there has not been much malware seen on the Android Market, with most malicious activity coming from third-party application stores. Google has said that it will work with its Android partners, including Motorola and Samsung, and security companies to help manage Android security. It will not pre-screen applications before they are eligible for the market.
Dan Rowinski is a staff reporter covering communications technologies.