Android users hit by trojan hidden inside fake Google security tool

The security reputation of the Google Android platform has been rocked once again
The security reputation of the Google Android platform has been rocked once again

Ironically, the legitimate version of the utility – Android Market Security Tool – was pushed by Google earlier this month in response to the infections of the DroidDream malware.

As previously reported by Infosecurity, these infections stemmed from the download of infected versions of previously legitimate apps from the Android Market, the online store maintained by Google for smartphone users.

Hackers have subverted the patch/security tool by infecting it with the Android.Bgserv trojan, Infosecurity understands.

According to Mario Ballano, a Symantec security researcher, the fake Google security tool appears to have originated from a Chinese third-party apps website.

The trojan, he reports, seems to be able to send SMS messages if instructed by a command-and-control server located at hxxp://www.youlubg.com:81/Coop/request3.php.

"Analysis of the application is still ongoing, however, what is shocking is that the threat's code seems to be based on a project hosted on Google Code.

The Softpedia news wire, meanwhile, says that repackaging legitimate Android apps with trojans is becoming a common propagation method for mobile malware targeting Google's operating system.

"The trend began in Russia, where the motivation behind the malicious programs was to steal credit by silently sending text messages to premium rate numbers", the news wire noted.

"Then it moved to China where more sophisticated Android malware variants were caught performing click fraud or displaying botnet-like capabilities", it added.

What’s Hot on Infosecurity Magazine?