Android Market app ‘jacked, rewritten and infected

A recently coded Android security tool has been ‘jacked, rewritten, infected with malware and uploaded to alternative Chinese app markets.

As TG Daily previously reported, the digital utility was created in an effort to remove all malicious applications infected with Droid Dream malware and prevents their installation. 

According to Sophos security expert Vanja Svajcer, the Trojanized version of the tool (Troj/Bgserv-A) is packaged with open source Java code lifted from a project hosted on Google’s own online source code repository.

“The project includes functionality to send MMS messages in the background, for example, when the device boots up,” explained Svajcer.

“[Still], a suspicious user will immediately notice the difference between the fake and the real Android Market tool if they check the permissions required at installation.”

To be sure, the original tool only required three permissions, while the Trojanized version demands additional authorization for “services that cost money” as well as the device location.



Another difference can be found in the version number of the app package – as the Google tool version is named 2.5, compared to the ‘jacked tool which only carries a version 1.5 ID.

Although the latest strain of malware does not affect the Android market itself, Svajcer warns that many people, especially in China, will be quite “happy” to install a free tool which ostensibly shields them against malware attacks.

“An attack pattern of creating a fake security tool that detects non-existing threats is very common in PC world and already brings a lot of income for cybercriminals,” said Svajcer.

“Judging by the popularity of Android devices and the recent increase in malware attacks, it may be just a matter of time before we start seeing highly suspicious products like Antivirus Android 2012 on the market.”