The Android Market sustained another security breach when developers found 26 applications infected with malware this weekend, according to a mobile security firm.
Lookout Mobile Security, a San Francisco-based smartphone security company, made the announcement on their security blog Monday, saying that the infected apps were tainted with "Droid Dream Light," a stripped-down version of last March's DroidDream. The company also believes about 30,000 to 120,000 users have been infected with malware.
The Lookout Security Team identified the malware thanks to a tip from a developer who notified us that modified versions of his app and another developer’s app were being distributed in the Android Market. Our security team confirmed that there was malicious code grafted into these apps and identified markers associating this code with previously analyzed DroidDream samples. We discovered 24 additional apps repackaged and redistributed with the malicious payload across a total of 5 different developer accounts.
Lookout users are automatically protected from this malware. Google has removed all of the apps known to be infected from the Android Market while they investigate.
The new malware is actually activated by an incoming call which then sends off information from the smartphone to three remote servers. However, unlike the first DroidDream, this new malware needs manual confirmation to install more malicious programs, according to Lookout.
The five infected developers include Magic Photo Studio, DroidPlus, Mango Studio, E.T. Tean and BeeGoo. Lookout also made a list of the apps:
“When you download apps, if some sexy girl app needs to access your phone’s state and identity, that’s a tip off something weird is going on,” said Kevin Mahaffey, chief technology officer of Lookout.
Press: Here tried to reach Google for a comment on the security breach, but the company did not immediately respond to our request.
Apparently Google did respond quickly to removing the infected apps, but we are curious as to how much the Android Market is monitored for malware. Two security breaches in three months isn't a good track record, and it would worry even the most confident Android users. As hackers turn to mobile devices, we recommend that smartphone users install a mobile anti-virus program to protect themselves and their phones.
Magic Photo Studio