Google Pulls 21 Malware Apps with Trojan Rootkit from the Android Market, Infected Over 50K Users

Google has pulled 21 apps from the Android Market that were infected with a backdoor Trojan rootkit. If you downloaded any of the infected apps, they will be automatically deleted from your phone.

According to Android Police, the apps include a feature that automatically roots the phone (using the well-known rageagainstthecage rooting tool), which allows it to download and execute arbitrary code. Even though Google has pulled the infected apps, these downloaded bits of code could still remain on over 50,000 infected devices. If you think you may be infected, you might want to perform a factory reset.

The offending apps from publisher Myournet:

  • Falling Down
  • Super Guitar Solo
  • Super History Eraser
  • Photo Editor
  • Super Ringtone Maker
  • Super Sex Positions
  • Hot Sexy Videos
  • Chess
  • ????_Falldown
  • Hilton Sex Sound
  • Screaming Sexy Japanese Girls
  • Falling Ball Dodge
  • Scientific Calculator
  • Dice Roller
  • ????
  • Advanced Currency Converter
  • App Uninstaller
  • ????_PewPew
  • Funny Paint
  • Spider Man
  • ???

Real App:

[Image: real Android app]

Myournet's virused-up version:

[Image: Myournet's virused-up Android app]

The attack vector was ingenious, and plays on the Android Market's biggest weakness: the almost complete absence of app moderation. The scary thing is, there's nothing to stop the same app publisher from creating more malware-infected apps in the future. The nefarious developer crafted 21 apps that share the name of legitimate apps (such as 'Chess'), and into each of them he inserted some Trojan code. The apps then quietly report your sensitive data back to a remote server, while you play with your free app.
