Artem and the crew at Androidpolice.com are reporting, and have confirmed that the “Mother of all malware” has hit the Android market.
Apparently hackers are downloading apps, re-compiling and injecting some popular app titles with malware that roots your phone, sends all your information out and otherwise hurts your Android phone. 21 popular apps have been infiltrated and downloaded nearly 200,ooo times.
Google has reportedly removed the 21 known offenders however it’s unclear if that 21 number is the final number of infected apps.
Lompolo has explained to Android Police:
Link to publishers apps here. I just randomly stumbled into one of the apps, recognized it and noticed that the publisher wasn’t who it was supposed to be.
Super Guitar Solo for example is originally Guitar Solo Lite. I downloaded two of the apps and extracted the APK’s, they both contain what seems to be the “rageagainstthecage” root exploit – binary contains string “CVE-2010-EASY Android local root exploit (C) 2010 by 743C”. Don’t know what the apps actually do, but can’t be good.
I appreciate being able to publish an update to an app and the update going live instantly, but this is a bit scary. Some sort of moderation, or at least quicker reaction to malware complaints would be nice.
EDIT: After some dexing and jaxing, the apps seem to be at least posting the IMEI and IMSI codes to https://18.104.22.168:8080/GMServer/GMServlet, which seems to be located in Fremont, CA.
Android Police also reports that in addition to the easy stuff like hijacking your IMEI, phone identifying information, info, contacts etc these infected apps have the ability to download more code unbeknownst to you.
For more visit Android Police NOW