200,000 Android smartphones may be infected with malware

A Symantec researcher says Android users may have downloaded between 50,000 and 200,000 infected apps

According to the Android Police portal, a number of apps were downloaded, recoded with the DroidDream malware, and then re-uploaded for free download. They remained available for up to four days before Google realised and took the apps down from the Market.

Android Police says that the DroidDream malware appears to infect Android handsets by means of a well-known root exploit. The site has posted a zip file that, when installed, will stop the malware from executing.

Joji Hamada, a security researcher with Symantec, claims that the malware is capable of rooting the smartphone, harvesting data, and/or opening a backdoor.

"We have been seeing a lot of this as of late – threats like Android.Geinimi and Android.Pjapps – where the authors release them on unofficial Android marketplaces", he said.

Hamada says that between 50,000 and 200,000 downloads took place within the four-day time frame in which the apps were available.

The malware, he adds, includes Android.Rootcager, an executable that "roots the phone without user consent to perform various activities."

"DownloadProvidersManager.apk is dropped by the malware to monitor installed applications and download additional packages of code as a background service", he said in his latest security blog.

"The malware also attempts to record IMEI and IMSI numbers, which are used to identify mobile phones, and upload the data to an external website", he added.
