Monday, June 13, 2011

Google Removes Another Bunch Of Plankton Infected Apps From Android Market

Google Removes Plankton Infected Apps
Infection by malware has forced Google to remove ten more apps from the Android Market. The Spyware delivered by various means installs a code known as Plankton on Android devices. The code was detected  and reported by Xuxian Jiang, an assistant professor at North Carolina State University's Department of Computer Science.
Earlier this month, Google removed Apps infected by another malware, DDLighr or DroidDream.
"While continuing an Android-related research project after the discovery of the DroidKungFu and YZHCSMS malware, my research team also came across a new stealthy Android spyware in the Official Android Market. This spyware does not attempt to root Android phones but instead is designed to be stealthy by running the payload under the radar. In fact, Plankton is the first one that we are aware of that exploits Dalvik class loading capability to stay stealthy and dynamically extend its own functionality. Our investigation indicates that there are at least 10 infected Android apps in the Official Android Market from three different developers. Its stealthy design also explains why some earlier variants have been there for more than 2 months without being detected by current mobile anti-virus software. " Jiang wrote in his article on the subject.
Webroot Threat blog also wrote about the Plankton after their analysts Andrew Brandt and Armando Orozco investigated the Plankton and discovered that it mostly taking advantage the popular game series Angry Birds. "Some of the samples we looked at came as Android apps with names like Angry Birds Rio Unlocker v1.0, Angry Birds Multi User v1.00 or Angry Birds Cheater Trainer Helper V2.0," they wrote on Threat Blog. According the the researchers, detecting the code was not a major issue and the way it was installed makes it easier to remove the code from the phone.
The developers of the malare developers are elusive at the moment. Always exercise care when you get new apps.


Blog Widget by LinkWithin