DroidDream turns Androids into zombies

The malicious code that led Google to remove more than 50 Trojan applications from the Android Marketplace appears to mainly be a "dropper"

The malicious code that led Google to remove more than 50 Trojan applications from the Android Marketplace appears to mainly be a "dropper" -- a program designed to load other code to further compromise the affected smartphone, according to a security firm's analysis.

The code, dubbed "DroidDream," attempts to use two exploits to gain root privilege on a compromised smartphone by breaking out of the sandbox designed to limit what applications can do on Android devices, mobile security firm Lookout stated in its most recent analysis. While the vulnerabilities targeted by the program were patched by Google last year, the majority of phones do not have the update yet, allowing the attack to compromise more than 260,000 phones, Google said in a statement.

Also see: After attacks, Google vows to fortify Android Market

Following the first stage of the attack, the program then forwards phone-specific information -- including hardware, software and service identifiers -- to a command-and-control server, which can then direct the compromised phone to reconnect at a certain time and download additional functionality from a specific URL, according to Lookout's analysis.

"The second stage is more interesting -- it is essentially a blank check," says Kevin Mahaffey, Lookout co-founder and chief technology officer.

The second-stage program appears to have unfinished functionality that would have allowed it to manipulate Marketplace ratings and post comments, the Lookout analysis states, concluding that "DroidDream could be considered a powerful zombie agent."

Google pulled down 58 applications from the Android Marketplace and has started to identify affected users and remotely remove the malicious applications from their smartphones. The company will also be pushing a security update to all users to undo any malicious changes and augmenting security measures for the Android Marketplace to attempt to head off future incidents, the company stated in a blog post.

Security companies have repeatedly predicted the rise of mobile malware, but the threat has typically been more myth than reality. Previous attacks against Android-based smartphones have targeted non-Marketplace apps. Earlier this year, for example, Lookout warned of the Geinimi Trojan, which mainly spread in China.

Yet, malware developers seems to be focusing more intensely on mobile-device users. Businesses need to worry because their IT departments do not have the same control over smartphones that they may have over their PCs and laptops, Mahaffey says.

"When there is a vulnerability there are two choices: You can work around it or you can patch it," he says. "With mobile, there really isn't that ability (to patch) right now."

Instead, businesses should deploy device management software that allows them to implement application whitelists, he says.

Read more about wireless/mobile security in CSOonline's Wireless/Mobile Security section.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags smartphone securityGoogle securityapplicationssecuritymobile securityLookout Mobile SecuritysoftwareData Protection | WirelessDroidDreamdata protectionGoogle

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert Lemos

CSO (US)
Show Comments

Essentials

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Michael Hargreaves

Windows 10 for Business / Dell XPS

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?