Malware variant pretends to manage Android install files


A new variant of malware targeting Google Inc.’s Android operating system is masquerading as APK manager software.

Computer security firm Trend Micro said the variant of DroidDreamLight was downloaded “50 to 100” times before it was yanked out of the Android Market.

“The malware sample we found, detected as ANDROIDOS_DORDRAE.M, is inside an app called App Installer. Once executed, the main class of the app starts the malware service called AppUseService,” it said in a blog post.

APK is a file format used to distribute and install apps on Android.

Trend Micro warned the malware service still runs even if the app is not executed, and that it can be started when the device makes or receives a call.

It said the malware gathers information from the device and then uploads it to its server when it phones home:

  • Device model
  • Device language setting
  • Country
  • IMEI (International Mobile Equipment Identity) number
  • IMSI (International Mobile Subscriber Identity) number
  • List of installed apps, together with each app's name, package name and package version

But Trend Micro said it could not access the servers indicated in the malware during its analysis.

Users can check if their phones are infected by going to Settings > Applications > Running Services, and manually remove the malware from their system by going to Settings > Applications > Manage Applications to uninstall the infected app.

“Users are likely to encounter other Android malware posing as legitimate apps due to the Android Market’s ‘open’ nature,” Trend Micro said.

User intervention required

Trend Micro said the DroidDreamLight variant does not use exploits and will need user intervention to install its downloaded components.

It said there is a possibility the malware may masquerade as an update for an installed app.

“Based on its code, the malware is capable of showing download/update notifications. That way, all it has to do is use the name of an application on the retrieved list of applications, and display the notification with a malicious link from the server,” it said. — LBG, GMA News

Article source: http://www.gmanews.tv/story/230060/technology/malware-variant-pretends-to-manage-android-install-files

Gergory Evans