Thursday, March 03, 2011

DriodDream Tries To Bring Nightmares To Android Users. (How To Remove Included In Th Post)

Drioddream Tries To Bring Nightmares To Android Users
If you have Any of these Apps;

  1. Open the Google Android Menu.
  2. Go to the Settings icon and select Applications.
  3. Next, click Manage.
Also check (DownloadManageService) in the “running services“ settings of the phone, as shown in the screenshot below.(Symantec)

The breach was first discovered by a Reddit user Lompolo, when discovered that the developer of one of the malicious applications, “Myournet.”  had posted pirated versions of legitimate apps under his name. Lompolo analyzed two suspicious applications and found that they contain exploit code "rageagainstthecage" root exploit - binary contains string "CVE-2010-EASY Android local root exploit (C) 2010 by 743C" ("rageagainstthecage",  is a tool commonly used to root the phone. In legitimate circumstances, ). A blogger at Android Police took a closer look at the malicious applications and verified that they do indeed contain exploit code that can root a user’s device as well code that  can send sensitive information (IMEI and IMSI) from the phone to a remote server.  Android Police also found that there is another APK, hidden as assets/sqlite.db, "DownloadProvidersManager.apk" hidden inside the code, which can steal additional sensitive data.

The Lookout Security Team identified a large number of additional Apps released under the developer names “Kingmall2010″, “we20090202″, and  “Myournet” contain DroidDream and have been suspended from the official Android Market.
My question is the time it took to control these apps, the way how people and developers can contact Google. According to Lompolo;
"Yes, thank you, I was aware of it. I have been trying for more than a week now to get Google to do something about it. I've contacted them through every avenue I could think of, but haven't had a response yet...until today. It seems the developer and all his apps have been removed from the market"
There has to be better way of notifying security issues. The security firm finally managed to contact the Google and get the apps off the market.

In any case, if you have downloaded any of these apps, remove them immediately, if they are not removed already. 

Full list of infected applications published by “Myournet”:
  • Falling Down
  • Super Guitar Solo
  • Super History Eraser
  • Photo Editor
  • Super Ringtone Maker
  • Super Sex Positions
  • Hot Sexy Videos
  • Chess
  • 下坠滚球_Falldown
  • Hilton Sex Sound
  • Screaming Sexy Japanese Girls
  • Falling Ball Dodge
  • Scientific Calculator
  • Dice Roller
  • 躲避弹球
  • Advanced Currency Converter
  • App Uninstaller
  • 几何战机_PewPew
  • Funny Paint
  • Spider Man
  • 蜘蛛侠
Full list of infected applications published by “Kingmall2010″:
  • Bowling Time
  • Advanced Barcode Scanner
  • Supre Bluetooth Transfer
  • Task Killer Pro
  • Music Box
  • Sexy Girls: Japanese
  • Sexy Legs
  • Advanced File Manager
  • Magic Strobe Light
  • 致命绝色美腿
  • 墨水坦克Panzer Panic
  • 裸奔先生Mr. Runner
  • 软件强力卸载
  • Advanced App to SD
  • Super Stopwatch & Timer
  • Advanced Compass Leveler
  • Best password safe
  • 掷骰子
  • 多彩绘画
Full list of infected apps under the developer name “we20090202″:
  • Finger Race
  • Piano
  • Bubble Shoot
  • Advanced Sound Manager
  • Magic Hypnotic Spiral
  • Funny Face
  • Color Blindness Test
  • Tie a Tie
  • Quick Notes
  • Basketball Shot Now
  • Quick Delete Contacts
  • Omok Five in a Row
  • Super Sexy Ringtones
  • 大家来找茬
  • 桌上曲棍球
  • 投篮高手


Blog Widget by LinkWithin