
DroidDream trojan is a nightmare for thousands of Android users

Google waves 'bye, bye' to dozens of malware-laced apps on its Android Market

The list of infected Android applications includes Chess, Super Guitar Solo, Bowling Time, Super History Eraser, and Photo Editor.

Dave Marcus, director of security research and communications from McAfee Labs, commented on the DroidDream trojan: “Analysis has shown that these apps can break out of the typical sandbox that most apps reside in, to potentially gain control over the entire device and its data. In terms of attacks and malware, it doesn’t get any worse than root access, which this malware has.”

Tim Armstrong, a researcher at Kaspersky Labs, said that he downloaded Super Guitar Solo and found it contained the DroidDream trojan. “The application will attempt to gather product ID, device type, language, country, and userID among other things, and then upload them to a remote server…. This discovery is important because up until now most of the Android malware has been found outside of the Android Market, which requires a number of special steps to be taken in order to infect the phones. In this case, users are even able to install from the web with the new Android Market format.”

According to Lookout Mobile Security, Lompolo, a user on the news aggregation site Reddit, discovered the first instances of the malware after noticing that the developer of one of the malicious applications had posted pirated versions of legitimate Android apps under the developer name “Myournet.” Additional DroidDream developers include “Kingmall2010” and “we20090202”.

Google has the ability to remotely disable malicious applications on Android devices, but so far has not done so because the applications are under active investigation, noted Lookout.
