Last week, Google launched an unusual security initiative by releasing its own “Android Market Security Tool March 2011” to remove the trojan DroidDream from infected users' Android phones and devices. The action was unusual in that it was initiated by Google itself, rather than released to mobile operators who, in turn, pushed it out to customers.
Now, attackers seem to be using Google’s release as a new attack vector: Symantec has announced that new Android malware (which it has dubbed Android.BGserv) is circulating and posing as Google’s legitimate security update. The exploit seems to be set up to send SMS messages in response to commands it can receive from a command-and-control server, although so far it doesn’t seem to have been activated. Symantec says the malware was found in an “unregulated third-party Chinese marketplace.”
However, what may be most interesting about this malware is that it appears to be based on an open source project hosted at Google Code and available to anyone under the terms of the Apache License.
The DroidDream trojan uses two exploits to download executable code to Android devices. Although Google fixed the vulnerabilities in Android 2.2.2, many Android users have not received updates from their carriers yet, and many older Android devices will not be updated to the newer software. Google’s Android Market Security Tool March 2011 does not actually patch the vulnerability on these devices, but does remove the DroidDream malware.