«
»

260,000 Android handsets infected with trojans

March 6, 2011 | By Surur

android-virus-1We don’t normally spend too much time on the failings of other mobile platforms (else there would be no space for anything else) but the recent kerfuffle about infected apps on the Android Market is pretty significant.

We have known for about a week now that infected applications have been found in the Android market.  The apps are popular applications that have been downloaded by hackers, infected with trojans and then uploaded for free to Marketplace under attractive names such as Super Ringtone Maker,Super Sex Positions and Super Guitar Solo.

Analysis of the code shows the trojans upload IMEI and IMSI numbers, product ID, model, language, country, and userID, but much worse still has the ability to download more code from remote servers, which, since the app has root access, could do anything, from spying on users to dialling expensive premium numbers.

Google has now released some information about the scale of the attack.  58 apps are known to be affected, and have now been removed from Market, but not after they were downloaded 260,000 times. The apps gain root access using a flaw in Android 2.2.1 and lower, which the vast majority of Android handsets run, most of which will not see upgrades any time soon.

Google has now said they would uninstall these apps remotely, and that they would take new measures to enhance security. These does not however remove any extra downloaded software, and does not patch the hole in Android 2.2.1 and lower in any case.

The number of serious failings highlighted in this incident are pretty high, from security flaws in the OS, the ability for hackers to steal applications from other developers and upload them under their name to Android Market, the ability to upload infected code to Market, to the fragmentation in the Android OS which will allow tens of millions of Android users to remain vulnerable to further exploits in the future, and all of this argues that Android is the typhoid Mary of mobile operating systems.

58

About Surur

Site Admin and Windows Phone enthusiast, he has been using Windows Mobile devices since before they were called PocketPC’s. He is currently sporting a HTC 7 Trophy.

Tagged , ,
  • Shawn

    Lol, open source, lol.

    And people say they don't want a windows phone because of viruses. Morons.

    • applejack

      Great thing about open source is that Google/your carrier won't give your device the OS update/feature you want, Cyanogen will (even the old G1's do tethering now at no cost to you). You're really griping about the open app store here. If WP7 was open, developers wouldn't be complaining about missing APIs.

      These weren't viruses btw. They were apps that root the phone. 260k is about 0.25% of Android installed base and it's already fixed. Who cares again?

      • Lennard

        but hurt much?

      • Jason Duffus

        And it has not already been fixed. Just removing the apps from the MarketPlace is not a fix. Tell take to all that were affected. The issue is that all current exploits in the OS need to be fixed. The whole marketplace approval process will need to be fixed. Same with the other android app stores. Though I have developed Android for work, I do feel neither, Google. OEMS and carriers have learn from the mistakes of Windows Mobile (And not WP7 – different OS es altogether), thus leading major issues like this.

        And people may hate me for my statement, but I honestly feel that Open Source OS has never really excelled long term (2-3 years is not long term) in the consumer market. For the Openness of these systems are it greatest advantage and disadvantage are in the same breath. To me, for Open Source OS to excel and satisfy the techie as well as the average user, the OS to be closed but open enough for extensibility, pluggability, etc.

        The fact that you have to have an antivirus on your phone is a big fail.

  • I hate WMPoweruer

    Surur, at the present moment I would rather have an Android phone because it actually has apps. I'll just make sure that I don't download "Super Sex Positions." My current Windows Phone is pissing the hell out of me because it has practically no applications and lacks basic functionality. Microsoft is taking their sweet-ass time with the update process so I really want to pick up a superior Android device instead. Also, in response to your article, Google is patching this security exploit and you had to be retarded to download these applications.

    • http://twitter.com/counterblow @counterblow

      what 4th world country are you in? can you be serious?

    • Barry Allott

      Please note the 'basic functionality' that its missing and how this is affecting your life.

    • http://twitter.com/MaulerX @MaulerX

      You my friend, are a moron. How can someone be held accountable for downloading an infested app when they did not know the app was infested to begin with?? Very easy for you to say that after the fact, eh?

    • Agha

      Look at his Nick: "I Hate WMPoweruser"…So why are you on wmpoweruser.com if you hate it? And btw: Its better too have 9000 single apps that 30000 apps where 50% of them are repetitive or fart apps…And who knows how much of them are infected…Oh I forgot you know which of them are infected and you won't install them…

    • Moki

      Which Windows Phone do you have and which apps are you lacking?

      . . . 260,000 retards so far . . .

    • Hatorade

      You are really BI-WINNING!!!!!!!

    • Bart Willeman

      Bit rude to call 260000 people retarded

  • Anthlog

    :D

  • CalumCookable

    Number of Windows Phones with viruses? Zero. Oh sweet, delicious irony. These open-source-tards have had this coming for decades.

  • CalumCookable

    "Have you tried rooting it? No? God you're so stupid, you don't deserve a phone like this, you don't even know how to unleash the true power of Android!!!!!11!!1!!!!1"

    • Arkane

      but that's the problem. android isn't for the everyday user.

  • wp7 glitch
    • Rob Harris

      That's obviously not a WP7 glitch…some sort of hardware problem.

    • Brianna

      That's a defective hardware.

    • Lennard

      you're trying but fail. maybe next time

    • http://twitter.com/jessiethe3rd @jessiethe3rd

      Aww look… it's a hot steamy bowl of FAIL.

  • http://twitter.com/MyNameIsLOS @MyNameIsLOS

    Jealousy is an ugly face. Can't we all just get along? Windows Phone has some positives/negatives and so does Android. In the end it comes down to personal preference and no "nerd" can argue what is better.

    • P. Douglas

      Are you kidding? If Windows Phones had this problem, the blogosphere would be cheering and gleefully writing MS' obituary! There is clearly a double standard when it comes to discussing MS, and everyone else. In comparison of MS haters, the above remarks are very subdued about Android.

      • applejack

        If 0.25% of WP7 users had a problem, no one would know.

        • http://twitter.com/DJMicMayhem @DJMicMayhem

          A insanely small amount of WP7 users on couldn't get a non-update and it was front page news on every major tech website all calling for Microsoft's head saying their phone system a failure.

          I think you underestimate the sheer amount of people praying for this OS to fall on their face.

        • http://twitter.com/MaulerX @MaulerX

          You must live under that newly discovered crater in the moon. A small fraction of Samsung owners had trouble with the pre-noDo update, and yet, EVERY SINGLE tech site reported it as some kind of super fail.
          You can't possibly look at anyone with a straight face and not admit the double standard. Gotta love it though. Moments like these that bring the best out of the Fandroids.

    • Agha

      Why should we be quite…If someting like that happens to WP7 Andrios morons would freak out….So I really enjoy reading this article and isnt it irony that open source is full of viruses while wp7 without any virus…HAHA!!!

  • Agha

    HAHA!! I love jealousy!

  • Ram

    >>Google has now said they would uninstall these apps remotely, and that they would take new measures to enhance security.

    This shows Google's big brother nature. Remember last time when Amazon removed a book from Kindle everyone was crying for big brother hand of Amazon. If it were Microsoft everyone including Apple Fanbois, Linux Lunatics and Android robots would cry all over the Internet, but now no one is complaining about it. Cue the double standards.

  • Agha

    (I mean then not that)

  • Onceawinmoguy

    To put this in perspective,less than one day's worth of phones activated on Android have downloaded an application that could cause these issues……secondly, I don't feel that confident that I would be so in Android users faces over this. Nothing says this couldn't happen to WP7 at some point in the future. I'd feel like a fool with egg on my face.

    It's always fun to laugh at the other Guy's problems……

    • GP007

      You can try to sugor coat it by saying less than the number of phones that are activated daily but so what? A day ago MS said around 100 people had problems with the pre-update patch and everyone was up in arms over that. Like another poster said up above, what's with this damn double standard towards MS?

      One of the advantages of managed code is it's security through the lack of bugs or some coders crappy efforts that create bugs/holes/exploits. It's also harder to slip in a malware infested app, let alone 50 of them, the way MS goes about checking things like crazy. Google just let the doors open so anything could get in because of there silly need to ramp up app count to counter Apple, now they reap the rewards of that stupid idea.

      • Wanderer

        Sorry but you have no clue what you are talking about with respect to managed code, security holes and so on. You have not. Please talk about other stuff.

    • Omz9

      You can not underline the vulnerability of androids, one the key reason why blackberry rim's are still very popular with government, IT, and enterprise.

  • http://twitter.com/EJ1024 @EJ1024

    Oh shoot, I just hope this story is true

  • Microsoft

    android is a fragemented, spyware-filled POS

  • Samuel Takara

    This is unfortunate, but highlights how (too many) people have no idea of safe computing practices. I hope Adobe is doing their best on security since Flash and PDFs are big security risks (is Flash still coming to WP7).

  • majg

    Devs have to stop exploiting users to get their data… Google hates competition.

  • toddard

    What is the point of this article? It plays loose with the facts (260K downloaded apps does not necessarily equate to 260K infected phones), and calls Android the 'typhoid Mary' of mobile operating systems. I own a Samsung Focus and I love it. In reading this article, I was hoping to get some insight into why WP7 is different than Android, and how those differences could minimize the risk of something like this happening with what I think is the best mobile OS in the market today. Frankly, I think spouting Android FUD is beneath you guys.

    • http://www.frazell.net Frazell Thomas

      Wait, so you download apps from the app store that aren't then installed? The few moments I played with Android on my brother's handset was that it installed applications as soon as it completed downloading them from the Market. If that is still the case then it would be fairly accurate to say 1 download = 1 install. The only thing that could push install/infected numbers above that of the download number would be sideloading, but no one would be side loading directly from the marketplace (somehow stopping the automated install to trigger a manual sideload somewhere else).

      • toddard

        My point was that the idea of 260K downloaded apps translating to 260K infected phones assumes that each phone downloaded only one of the bad apps. It is more likely that at least some phones had two or more of these bad apps installed, so the actual number of infected phones is fewer than 260K.

      • toddard

        Time for me to eat crow. The linked article that serves as a source for this piece states that the bad apps were downloaded onto around 260,000 devices. The article above stated that the apps were dowloaded 260,000 times (the number is likely higher for reasons I already stated), and I assumed incorrectly that this was what was being stated by Google. So, I apologize for accusing the author of playing loose with the facts.

    • Samuel Takara

      I agree on the one hand (no need for FUD), but on the other I think its a necessary reminder that there are people who will do these things and we should not let down our guard just because we're using a smartphone. This time its Android. Next time it could be us…

      • toddard

        I agree. And if this article were to serve as a reminder that we need to be careful with the apps we download, I would not have been so critical. Instead, it just uses this issue to take cheap shots at the competition. I would rather read an article that addressed the possibility of this happening on WP7, what Microsoft might do about it, and what we as users could do to safeguard against it.

  • The Dude

    I agree with Toddard, what is the point. Write when WP7 is coming to Verizon, which I am patiently waiting for.

  • http://twitter.com/volwrath @volwrath

    Why would anyone want a WP7 when it is locked down tighter than the iphone? I remember the day when Surer enjoyed a hackable OS. I guess he enjoys that google adsense too much :p

    • Omz9

      Times have changed, corporations have changed, the times of modding your PC, your old windows mobile device, your laptop all those have changed. It's time that we as individuals also change. There is no need to to have to hack into every little thing, especially our mobile phones. The importance here is having a protected environment. By having a secure eco-system it gives developers a clean slate to spend time and energy doing something they love. More apps mean more value for all of us users. Time is telling us that only a tight secure environment is the one that will prosper with longevity, while open might be fun for some but maybe too open when it comes to mobile.

    • AhTiong

      Why would anyone welcome FRAGMENTATION like Android? I bet consumers will rather have a mobile that has stable updates regardless of security or performance. As an average consumers, I don't give a damn to modifications or cooked roms because those do not give me assurance that my phone will be safe from hackers / malicious codes…

  • Omz9

    Regardless this shows androids true vulnerability. Imagine a country like North Korea being able to infect cell phones here and gather information on every American in the US. the idea is not far fetched and we haven't heard any thing to this scale on iOS and hopefully we wont hear it on the WP7. It's hard to tell what makes WP7 superior at this point but time will tell. This article more importantly to me shows the misconception that can be aroused when we say that the android market place has 300,000 apps for example that they may not all be quality apps, the Microsoft hate mongers or the Google supporters that are responding to this article are at best delusional. This article does not scream WP7 superiority but android's weakness inlight of stuxnet I find this article quite relevant. Hopefully all OS'es can learn from this it stands to benefit us all, until then android users you are all more then welcome to a secure Windows Phone near you.
    B)

  • AhTiong

    IMO, this is pretty normal in the IT world. Look at Windows. It has so much higher infection rates than other OSes out there. That's because Windows is more widely used in the world. Same theory applies to Android. It is much more popular and getting more and more famous in the mobile world.

    Likewise for WP7. If WP7 is able to pick up speed in terms of popularity, I bet things like this will happen too. Especially when MS is to open up more for Nokia phones, I think the game play will be different then.

    • timnfl

      While I agree with the your statement that this is a result of the rising popularity of Android, I disagree that this is a problem that MS will face has it rises in popularity. The iPhone which was the top dog for years didn't have this issue because of the iOS's locked down infrastructure. The few cases where iPhones were hacked were due to the phones being jailbroken and sideloading apps. Because of the way that WP7 is designed even the sideloaded apps still have limitations because of the lack of "native code".

      I for one, am happy that MS has not given every potential hacker in the world complete access to my phone by providing a native SDK. I understand that until they figure out a way to implement the necessary API, there will be apps that will not run (Skype, Pandora, etc…), but that is a small trade off with me not having to worry about my data being stolen.

      • AhTiong

        Hmm.. As far as I know, there are also exploits for iOS if user jailbroken it…. So, nothing is not impossible, especially when comes to s/w.

      • Wanderer

        That is quite naive. Actually WP7 does not have some magic design which prevents sideloaded native apps from executing or something. Once someone can jailbreak in the system (and it can be done it has been shown) you can execute also native code (CE binaries) of course and you get access to everything in the system. Ah Thiong is right. You just don't see that on a large scale yet because the WP7 market share is still quite small so there is little "interest" yet.

        Also you seem to believe that a native SDK is somehow unsecure already by design while managed code is not. But that's not the case. The whole iOS SDK is native and it is not less secure than WP7 or the Android SDK (Dalvik/Java) which btw. uses also managed code like WP7.

        • http://wmpoweruser.com wmpoweruser

          Actually I think the biggest issues are the ones surrounding the Android Market, where copying of apps by other developers are rampant, and Google exerts only a small amount of control, allowing incidents like the above to happen.

  • http://twitter.com/jessiethe3rd @jessiethe3rd

    This is what happens when you "open" up everything. You steal code from Java, don't allow indemnification for OEM hardware providers, and give 240,000 of your users a virus.

    On brighter news, Trend and Symantec are going to have a field day…

    "To help protect users we are introducing performance sucking, Antivirus for Android!"

    • Wanderer

      Yeah, there are no viruses, trojans or any exploits for Windows XP/Vista/7. I'm so glad it is closed source.

  • Arkane

    But we can install antivirus software that will slow down this linux-based OS, so no worries! It might as well not be linux.

  • marek selecky

    well its funny to rea

Scan QR Codes, UPC, EAN, Code 39/128 or ITF barcodes on your Windows Phone 7 to find best prices online. Enjoy slots? Blackjack? Video Poker? Play Crazy Casino FREE! #1 FREE Solitaire on WP7 If your a fan of Pong then you will love this game. Heavenly Skies. Save the universe! Are you ready? A rewarding mix of match 3 and tetris gameplay Free, Live Tile support for Word Of The Day and so much more. Why NOT try it out? Set up reminders with only two taps. Supports also text reminders and voice reminders. Download the best puzzle game in WP7 Marketplace for FREE! Are you a good Alchemist ? Use your brain to discover Atomic Energy, Chuck Norris, Angry Birds and 1400 more ! Fun puzzle game with over 150 levels! Fully featured, beautifully designed WP7 YouTube app. u.n.i MEGA PACK (FREE), the ultimate addictive top GAMES bundle for Windows Phone 7! 7+ and growing! Highly addictive word game designed for adrenaline junkies. Practice locally, but then are you fast enough to compete online? Google RSS reader Windows Phone WP7 The smartest Google reader app. Air Soccer Tour Air Soccer Fever - Realtime Online Multiplayer casual soccer game for FREE Beat the Story Mode. When your done Bring your skill online. Rank up by winning online matches. Have 1 on 1's with anyone! Global Online Multiplayer! Newest devices leaks, online charts and ultimate performance benchmark for every Windows Phone. Every day, get great app deals from Windows Phone developers pushed to you! Quick Tiles, a fully featured live tile editor for Windows Phone. Great sports app for NFL, NBA, MLB, NHL. Pin scores/games to live tile on your home screen. MobileFax gives you the opportunity to send fax pages from your mobile phone anytime, anywhere ! WP7 Exclusive version of Hanging with Friends Fabulously fun, lovable, crazy! Bubble Pong Championship A remake of the classic snake game. The snake wants to grow so don't wait and help her!

Promote your app on WMPoweruser.com
Latest WMPoweruser.com Forum Posts
Wholesale Cell Phones

Nokia LCD, Flex Cable,Wholesale phone partstrusted supplier.

Find the latest mobile phones at the cheapest prices at mobilephones.org.uk

Cell Phone Accessories

canon dslr cameras
OEM Samsung Accessories
See The Smartphone Database for the latest smartphone specs.

Windows Phone 7 Apps

Privacy Policy |About| Contact us

Copyright © 2012. All Rights Reserved.