Daily cyber threats and internet security news: network security, online safety and latest security alerts
March 10th, 2011

Android Market Security Update Released By Google Contained Mobile Trojan

Chinese hackers are distributing a mobile trojan to users as a repackaged version of the Android Market security update released by Google last week.

Repackaging legitimate Android apps with trojans is becoming a common propagation method for mobile malware targeting Google’s operating system. The trend began in Russia, where the motivation behind the malicious programs was to steal credit by silently sending text messages to premium-rate numbers.

Then it moved to China, where more sophisticated Android malware variants were caught performing click fraud or displaying botnet-like capabilities. The problem reached a global audience when over 50 apps were rigged with a trojan and published on the Android Market under different names.

Google took them down last week shortly after being notified and used the remote uninstall feature to remove the trojan from infected devices. However, the malware also used a public exploit to root the device before installing itself, so the company also pushed an over-the-air update called “Android Market Security Tool” to undo it.

Security researchers from F-Secure and Symantec now warn that Chinese hackers have ironically repackaged this security tool with a new trojan dubbed Android.Bgserv.

Like most Android malware, Bgserv sends device identification codes (IMEI) to a remote server and can receive commands. According to Symantec, it can be ordered to send SMS messages to a number specified by attackers, which means it can theoretically be used to steal credit.

“Analysis of the application is still ongoing, however, what is shocking is that the threat’s code seems to be based on a project hosted on Google Code and licensed under the Apache License,” the Symantec experts write.

The trojanized app is distributed from unregulated marketplaces, which are common in China, where there is no official Android Market. “This malware appears to be specific to a mainland Chinese network, as it contacts the number 10086 (related to China Mobile Net) and uses the new APN with the name ‘cmnet’ inserted in the APN list,” note security researchers from F-Secure.
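One way a defender can triage a suspected repackaged build is to diff the permissions in its decoded manifest against those of the genuine release; this is an added example, not code from the article, F-Secure or Symantec. The package name, both manifests and the idea that a trojanized build would request these particular permissions are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permission names, mapped to behaviours the article describes.
# That Bgserv requests exactly these permissions is an assumption.
RISKY = {
    "android.permission.SEND_SMS": "can send SMS (premium-rate credit theft)",
    "android.permission.READ_PHONE_STATE": "can read the IMEI",
    "android.permission.WRITE_APN_SETTINGS": "can insert entries in the APN list",
    "android.permission.INTERNET": "can contact a remote server",
}

def permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}

def repackaging_findings(genuine_xml, candidate_xml):
    """List permissions the candidate declares that the genuine build does not."""
    added = permissions(candidate_xml) - permissions(genuine_xml)
    return sorted((p, RISKY.get(p, "not in genuine build; review")) for p in added)

# Constructed sample manifests (decoded text form, as a tool like apktool emits).
GENUINE = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.securitytool">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

CANDIDATE = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.securitytool">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.WRITE_APN_SETTINGS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
</manifest>"""

if __name__ == "__main__":
    for name, reason in repackaging_findings(GENUINE, CANDIDATE):
        print(f"{name}: {reason}")
```

A permission diff only flags candidates for review; a mismatch between the signing certificate of the sideloaded build and that of the genuine release is the stronger signal of repackaging.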

Credit: News
