Top online and mobile security company Symantec has discovered a new dangerous malware lurking in a third party Chinese android market. The “Android Market Security Tool” is a repackaged clone of the original Android Market Security Tool which was released to remove malware from DroidDream infected devices.
The fake Android Market Security Tool is able to send SMS (text) messages to a command and control server located at hxxp://www.youlubg.com:81/Coop/request3.php
Google took a proactive approach to the DroidDream malware scare by bypassing both carriers and OEM’s and directly pushing their official “Android Market Security Tool March 2011” to devices to remove DroidDream. Typically carriers and OEMs send updates. As a separate note this action alone shows that the upgrade path in terms of Android versions is determined by OEMs and Carriers and not Google, obviously if Google controlled it, it would be more efficient.
It’s unclear how many devices have been affected by the fake Android Market Security Tool because it was distributed on a third party site. The original DroidDream was said to have been downloaded over 250,000 times within 21 infected apps in the official Android market. What’s also unclear at this time is what the perpetrators plan or could do once they gain access to the infected devices via the command and control server.
Android users should be cautious when downloading to their Android device. We definitely suggest a security app from the Android market from a trusted source.