There were 50,000 downloads of 21 apps that have now been pulled from Android’s Market because the apps contained malware that achieved root access, gathered personal information and had the ability to download additional code without the user’s consent. Android Police discovered the exploits and notes:

I asked our resident hacker to take a look at the code himself, and he’s verified it does indeed root the user’s device via rageagainstthecage or exploid. But that’s just the tip of the iceberg: it does more than just yank IMEI and IMSI. There’s another APK hidden inside the code, and it steals nearly everything it can: product ID, model, partner (provider?), language, country, and userID. But that’s all child’s play; the true pièce de résistance is that it has the ability to download more code. In other words, there’s no way to know what the app does after it’s installed, and the possibilities are nearly endless.

Curious what the apps were? They were all from publisher Myournet:

  • Falling Down
  • Super Guitar Solo
  • Super History Eraser
  • Photo Editor
  • Super Ringtone Maker
  • Super Sex Positions
  • Hot Sexy Videos
  • Chess
  • 下坠滚球_Falldown
  • Hilton Sex Sound
  • Screaming Sexy Japanese Girls
  • Falling Ball Dodge
  • Scientific Calculator
  • Dice Roller
  • 躲避弹球
  • Advanced Currency Converter
  • App Uninstaller
  • 几何战机_PewPew
  • Funny Paint
  • Spider Man
  • 蜘蛛侠

So there you go thinking you have an innocent game of Chess and bam… something bad happens, though no one really knows for sure what. All of these apps were pirated apps that were downloaded, had malicious code inserted and were then resubmitted to the Market. Of course, Google isn’t the one that found these. In fact, there’s nothing suggesting they’re even running scans on apps in their Market to protect users. And if a third party hadn’t caught it, they’d still be there. Of course, this begs the question as to how many more of these types of apps are floating unnoticed right now.

Hey Google, want to step up to the plate and maybe run a scan on apps to protect your users? No? Oh, you want to be open…I see. Ok, your call.

via Mashable
