Symantec finds fake Google Android update

The malware sends SMS messages and purports to be Google's latest security update for Android

Google's latest update for its Android mobile OS appears to already have been subverted by hackers, according to the security vendor Symantec.

Symantec found an application called the "Android Market Security Tool" that is a repackaged version of the legitimate update by the same name that removed the DroidDream malware from infected devices.

The fake security tool sends SMSes to a command-and-control server, wrote Mario Ballano of Symantec.

The company is still analyzing the code, which it found on a third-party application market targeted at Chinese users.

"What is shocking is that the threat's code seems to be based on a project hosted on Google Code and licensed under the Apache License," Ballano wrote.

The fake security tool shows that hackers are taking an interest in Android, which is the fastest growing mobile OS according to analyst Gartner. More than 67 million Android devices were sold last year.

Google took the rare step last week of forcing the "Android Market Security Tool March 2011" onto devices to remove DroidDream. Typically, phone manufacturers and operators are responsible for issuing updates to devices, not Google.

The move came after more than 50 applications within Google's official Android Market were found to be contaminated with DroidDream, which stole information such as the phone's International Mobile Equipment Identity (IMEI) number and the SIM card's International Mobile Subscriber Identity (IMSI) number, and sent it to a server located in Fremont, California.

DroidDream could also download other code to a person's mobile phone. It used two exploits called "exploid" and "rageagainstthecage" to infect the phone. Google has patched the vulnerabilities in Android versions above 2.2.2, but many Android users do not have the latest version of the software.

The "Android Market Security Tool March 2011" does not actually fix the vulnerability that allowed DroidDream to infect phones but merely removes the malware, wrote Timothy Armstrong, a junior malware analyst with Kaspersky Lab, in a blog post.

The intervention by Google also underscores problems with how Android is updated, he wrote.

"Due to the nature of Android in its current state, it's very difficult and expensive to push security updates as you would on a desktop operating system like Linux or Windows," Armstrong wrote. "Unlike iPhone, which installs patches via iTunes, or Windows Mobile which uses ActiveSync, Android works almost entirely via over-the-air communication."

Google officials contacted in London did not have an immediate comment.

Send news tips and comments to jeremy_kirk@idg.com

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwaremobile securityGoogleAndroidPhonesconsumer electronicsMobile handsetsExploits / vulnerabilities

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Cool Tech

Bang and Olufsen Beosound Stage - Dolby Atmos Soundbar

Learn more >

Toys for Boys

ASUS ROG, ACRONYM partner for Special Edition Zephyrus G14

Learn more >

Sony WF-1000XM3 Wireless Noise Cancelling Headphones

Learn more >

Nakamichi Delta 100 3-Way Hi Fi Speaker System

Learn more >

Family Friendly

Philips Sonicare Diamond Clean 9000 Toothbrush

Learn more >

Mario Kart Live: Home Circuit for Nintendo Switch

Learn more >

Stocking Stuffer

Teac 7 inch Swivel Screen Portable DVD Player

Learn more >

SunnyBunny Snowflakes 20 LED Solar Powered Fairy String

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?