Join Transform 2021 this July 12-16. Register for the AI event of the year.


Dozens of apps have been pulled from the Android Market because they have been infected with malware. The infection is one of the worst to hit the mobile market, which has been relatively safe from malware attacks compared to the constant barrage of infections on PCs.

The malware attack shows that Android’s big advantage — the openness that gives it an edge over Apple’s closed mobile ecosystem — is also Android’s biggest disadvantage when it comes to protecting users against cyberattacks.

While Apple screens its apps, Google allows just about anybody to upload apps into the Android Market. It hopes to head off bad stuff by putting power in the user’s own hands to grant permission for apps when they want to access sensitive things.

Apps released by developers under the names “Kingmall2010″, “we20090202″, and  “Myournet” contain the DroidDream malware and have been pulled from the Android Market. Google could remove infected apps as well using remote technology, but it has not yet done so. Lookout Mobile Security has a list of all of the apps that have been pulled. The apps reportedly could compromise a user’s personal data.

The malware was discovered by a user named Lompolo on the popular news aggregation site Reddit. The user noticed that the developer of one of the malicious apps had posted pirated versions of legitimate apps under the developer name Myournet. Lookout also said that it identified a large number of other apps that also contain the DroidDream malware and it is working with Google to get those apps removed.

Lompolo found that two suspicious apps had been created in a way that allows them to break out of an Android app’s security sandbox, which isolates code to prevent security breaches. A blogger at Android Police verified that they contain code that can steal a user’s sensitive information.

Users who have downloaded the infected apps may have had their data compromised. Lookout said it has pushed out an update to its users of its mobile security software that will protect them from DroidDream attacks.

VentureBeat

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more
Become a member