Apps

Google Pulls 21 Malware Apps Posing as Bogus Versions of Real Apps

57

Sounds like a bogus app posing as Steamy Window is the least of our worried. That particular malware may do some damage if you install it, but at least you would never find it in the Android Market. That isn’t the case with a long list of 21 applications Google pulled last night (rather quickly, might I add) after being alerted to the malware that roots your device against your will using the rageinthecage exploit. This rooting is followed by the standard data snatching and open door for the download of even more malicious code.

Not only were the apps available directly from the Android Market, but they were designed to be easily confused with already popular games. Pirated APKs were infused with the malware then unleashed in the form of Chess, Scientific Calculator, and others. The unifying factor is that all were placed on the market under developer Myournet. Here is the full list:

  • Falling Down
  • Super Guitar Solo
  • Super History Eraser
  • Photo Editor
  • Super Ringtone Maker
  • Super Sex Positions
  • Hot Sexy Videos
  • Chess
  • 下坠滚球_Falldown
  • Hilton Sex Sound
  • Screaming Sexy Japanese Girls
  • Falling Ball Dodge
  • Scientific Calculator
  • Dice Roller
  • 躲避弹球
  • Advanced Currency Converter
  • APP Uninstaller
  • 几何战机_PewPew
  • Funny Paint
  • Spider Man
  • 蜘蛛侠

It is rather disconcerting to see such a rise in malware as of late, but that is almost unavoidable given the popularity of Android and the openness of the system. Iit is one drawback of the platform, you could argue. The scariest part is malware apps of the past have remained outside of the actual Android Market, meaning for the most part users were protected from their bad deeds. Not so much the case anymore. Be careful what you download, check the ratings and comments, and mind the developer name and permissions. If anything looks suspicious, best to hold off.

[via Mashable]

Kevin Krause
Pretty soon you'll know a lot about Kevin because his biography will actually be filled in!

Things We Missed, You Shouldn’t [March 1st]

Previous article

Samsung 4G LTE Stealth Hits FCC, When Will it Land at Verizon?

Next article

You may also like

57 Comments

  1. Like I said on an earlier blog post, when no one is guarding the chicken coop, the foxes can get in with the chickens….serves you right for settling for fake iPhones…..enjoy your malware fandroids!! Lol!

  2. @iKing

    You’re an idiot.

  3. Lol his name indicates he’s a fanboy.

  4. kIng, you have just confirmed to us all yet again just how dense the average iphoney user really is. Cheers.

  5. @iKing
    I would rather deal with a hundred bricked Android phones than deal with your lame ass OS. You are a turkey who opens and closes apps all day long.
    Can we finally pull all the Japanese porn apps off the market?

  6. @IKing your a moron. Nice to know that fanboys read up on Android though. Android loves the haters!

  7. @iKing Enjoy having your hand held like a little two year old. Does Steve wipe your ass too or you have managed to figure out how to do that one all by yourself? One day when your ready you can have an adult phone like the rest of us.

  8. *you’re

  9. hahaa fake iphones…cute sentiment iking…but androids are better PERIOD….so I’ll stick with the fake ;-) I’ve seen quite a few iOS mal/flub apps too…get off your high horse.

  10. You are doing a disservice to suggest that “reading the comments” will help spot malware. The most effective malware comes in the form of apps that do exactly what they claim to do, and do it very well, and ALSO just happen to do things you don’t want.

    Until apps2sd landed in Android, the most dangerous permissions most apps asked for were:
    – modify global system settings
    – full internet access

    Lately that list must include “modify SD card contents”, since any app with that permission can also modify the executables of any apps you’ve moved to your SD card. At the moment every one is focusing on the “front door” threat, and ignoring the many other dangers here.

    The Android security model is a broken system, plain and simple, NOT because of the OS design, but because THERE’S NO RAPID RESPONSE INFRASTRUCTURE. It took Samsung eight months to update the Epic to Android 2.2 — and then they pulled the update again. How long do you think it would take them to provide customer updates in response to an OS security hole that’s being widely exploited? Here’s a hint — whatever that update delay is, it’s too long. This problem is multiplied over all the vendors releasing modified versions of Android.

    I’ve been saying it in these forums for over a year now — hardware manufacturers should stick to writing drivers and add-on apps and NEVER, EVER modify the OS. This is a point that needs a lot of publicity so that it will be driven home to both Google and the OEM’s.

  11. @chewtoy, what are you spewing? You can’t just willy nilly modify apps on the sdcard, they are encrypted and because of that they would fail to decrypt properly and they would just crash. Just stop, really. Just stop. Learn some technical details before you post things like this.

    -Brad

  12. Not advertising the app or nothing but is why I use aSpotcat

  13. Main story should mention that this was patched in 2.2.2 and is impossible in Gingerbread.

    Start playing the Fragmentation trumpets.

  14. @Brad you completely missed his point.

    Also, apps are not encrypted. Where did you that from? They are in the .android_secure folder which is a way of hiding in Linux. But even if they were what difference does it make? Apps are isolated from each other anyway. What in the world are you talking about? Why dont you pay attention to what youre reading/writing.

  15. 躲避弹球
    下坠滚球
    蜘蛛侠

    extra duck sauce please

  16. Android or nothing.

  17. I don’t actually know if the apps are encrypted or not but they are .asec and not .apk if I remember rightly and it wouldn’t surprise me.
    .
    What I do know though, is that apps are signed with a private encryption key and if they are modified they will fail to work.

  18. I like the android environment but it is not perfect. Google needs to screen every app available on their website for malware. The average user should not have to buy an antivirus program to scan every app they download from the market. If they sideload pirated apps or apps from a site they just found on the internet then they are to blame for any problems their phone has. Unless google wants their OS and app markets to have a reputation for malware then they need to step up and make their market safe for even the most inexperienced users. IMHO

  19. Fuck it. Lookout your going back on the Vibrant.

  20. There was more that got pulled then this. Publisher kingmall2010 also got a bunch pulled because of this. I have an app sexy orgasm soundboard, that he pirated into super sex sounds and all of the comments were about malicious software. I checked today and he’s no longer in the market. It looked like all of his apps were pirated ones. He had around 15 or so.

  21. Verizon iPhone 5 here I come….
    (I’m being facetious of course!) lol
    I agree with the previous poster who mentioned reading the comments/reviews/permissions, and read them again. Still won’t completely protect you, but it’ll help. Time for Phandroid to review some antivirus apps for us. Perhaps let us know their effectivness, how much they slow down your device, etc.
    Personally I haven’t downloaded a new app in over a month and haven’t had the need for anything new. I only have about 10 apps downloaded from the Market and there’s nothing else out there that I really need. Times, they are a changin!

  22. iking why are you even on a blog called PHANDROID?

    ha

  23. I know I would offend some people out there but iOS environment is like communism and Android is like capitalism.

  24. There is a reason why the best developers and apps are on iOS. Apple is not willing to make the security compromises that are necessary to operate and open source system. Besides, with their app count approaching 400k, their “closed, walled garden) system has worked quite well, thank you. This is what you get with Android: instability, fragmentation, inconsistent software updates, carrier-implemented bloatware, compromised security, and a UI that’s far from user-friendly. But hey we love our widgets! Lol

  25. @andetheninja:

    Bcuz so many of you fandroids post on Apple blogs….it’s called “equal time”……

  26. So what do you do if you have an app that was listed?
    Spider Man
    and
    Advanced Currency Converter

  27. Apples has had to pull malicious programs too. Just to destroy any the arguments of any haters that might pipe up, sorry fellas.

  28. Prior to this report, the only malicious apps out there were shady third party pirated apps (and apps from shady Chinese markets). Never really saw the need for an antivirus before reading this report but now I might just have to get it.
    And @iRetarded, you have no idea what you are talking about. Apple’s security is not as great as you are hyping it out to be, it is always hacked at the annual Pwn2Own competition (though that is probably because it uses one of the least secure browsers known to man, Safari). I doubt you have ever even used an Android device. Instability? Occasional force close sure but overall it is pretty stable. Fragmentation? It is a word which iPhone users recently learnt and love to use but have no idea what it means and are making it a much bigger deal than it really is. Variety is a good thing. Inconsistent software updates/inconsistent update patterns is a manufacturer-related thing, not an Android-related thing. If you get a Nexus phone, neither of those would be the case. Why are you even posting on this site? My guess is that you are jealous that you are stuck with an OS which has a shitty UI, shitty browser and overall just a shitty user experience (I have used 2 iPhones, 3G and 4, and an iPad, and it was easily among the most frustrating experiences of my life).

  29. Furthermore, nobody mentions the fact that the exploits used by these apps have been patched up in Android 2.2.2/2.3. Google did their part but the manufacturers/carriers did not do theirs.
    There are still Apple (original EDGE and 3G) which do not have the latest updates and security holes that can be exploited through third party apps and websites (hell, all versions of any OS have security holes which can be exploited).

  30. @mrmojoz:
    Neither OS is 100% secure…but there are FAR FEWER of these stories that are associated with iOS….can’t even compare the two

  31. Must… Not… Feed… Troll…

    It’s inevitable. Malware exist in any open system. I guess you’re safe if you leave debugging off unless you are specifically needing it; since rageagainstthecage requires debugging to be on.

  32. @King Lest you forget that the iPhone used to be harvested for it’s juicy information with just a series of text messages. Regardless, you can enjoy using your device the way some rich guy tells you how to enjoy your device and I will continue to enjoy using my device the way I use it.

  33. Ha Ha Ha! Android sucks!!!

  34. @iRetarded: “Far fewer stories?” This is the FIRST malware story which does not involve shady outside sourced/pirated apps. You are a troll who has no idea wtf you are talking about. Just shut the hell up.

  35. Tell me again why a rootable phone is a good thing?

  36. One of the things I love about the android market over the apple store is the majority of apps are free, whereas you have to pay for the majority of apples.

  37. @Ace….don’t let the itroll get to ya! it’s best to ignore him as he’s probably a 40 y/o loser living in his mothers basement with nothing better to do.

  38. What a bunch of f**king android retards. Only response is yeah, but!! Funny as shit!!

  39. @iKing – The reason that there are so many developers who work with Apple is because until recently, the iPhone was the largest platform on which to sell their apps
    Now that the OSs are more or less on same footing, with Android rapidly expanding past iOS’ dreams, many Apple devs are also making Android-based versions of their apps, if not switching to Android developing…
    It’ll work very well for us, also ;)

  40. GOOD GOD TROLLS EVERYWHERE

    >inb4iKingshitstorm

  41. @Ace Curry:
    Apparently iPhone users are not the only ones that talk about Android fragmentation. How about one of the most WELL KNOWN developers in the world, Angry Birds Rovio, who also laments the problems with developing for Android as opposed to the smooth, consistent experience of developing for iOS: http://www.pcworld.com/article/211152/angry_birds_devs_angry_at_android_fragmentation.html

    Or, how about Epic VP talk about Android fragmentation:
    http://www.droidgamers.com/index.php/game-news/android-game-news/1148-epic-says-android-fragmentation-is-a-major-issue-speaks-on-future-development-plans

    You can stick your head in the sand all you want, but it’s real.

    As far as security, like I said neither is 100% safe…. But studies have shown that security is a much bigger problem for Android than it is for iOS (or even blackberry): http://www.informationweek.com/blog/main/archives/2010/06/which_platform.html;jsessionid=25T4VZPMEQPLDQE1GHRSKH4ATMY32JVN?nomobile=1

    This is why Android has a much slower adoption rate in the enterprise than BB or iOS….not opinion, but fact….

    P.S. Jealous??? Of Android??? Please….
    iPhone wins Best mobile Device at Mobile World Congress: http://www.phonearena.com/news/iPhone-4-nails-best-phone-award-at-MWC_id16819

    iPhone wins Mibile Phone of the year from the Engadget reader’s choice and editor’s choice awards: http://m.engadget.com/default/article.do?artUrl=http://www.engadget.com/2011/02/25/the-winners-of-the-2010-engadget-awards-editors-choice/&category=classic&postPage=1

    iPhone is the most desired smartphone: http://arstechnica.com/apple/news/2010/12/iphone-rim-tops-us-share-iphone-most-desirable-smartphone.ars

    iPhone has the most successful debut in Verizon wireless history, estimated to have sold over 1 million at launch: http://www.pcworld.com/article/221008/verizon_iphone_1_million_sold.html/

    Jealous??? Yeah right…..

  42. Fanboys aside, there is some truth to what the first post says. As an Android user you have to ask if you’re OK and prepared to deal with that fact though. You also have to consider those indirectly at risk- your entire contact list.

  43. @Karl:

    Android = 150,000 apps: http://www.androidcentral.com/150k-apps-android-market-tripled-9-months

    Apple = 350,00 apps: http://148apps.biz/app-store-metrics/

    I would hardly call them on the same footing….

  44. Guess I’ll wait to install soft porn on my phone… punishment in the reward?

    Another article says that any android version 2.2.2 or higher is safe. Verizon has the droid x sitting at 2.2.1. maybe they need to push an update!

  45. @ iKing, dude, you don’t even have a working alarm in your iPhony. Can your iPhone say MULTITASK??? Can your iPhone say…. WIDGETS???

    The iPhone is so last year, Apple again made the mistake over policing their products and will eventually pay the price of shirking market share(Oh wait, that already happened). Apple does have a polished UI and great battery life but it also comes at the price of not being able to do Flash(Not even close to dead), not being able to multitask, and apps are written in a Objective C language that no-one but Apple takes seriously. Oh, and lets not even touch the whole shitty Antenna and reception on both AT&T and Verison! Apple is about to get Shut down, and if they dont pulla rabbit out of their a$$es with the iPad2, their done for.

  46. I find the UI of Android vastly superior to IOS, and I had an iPhone 3GS for 1 1/2 years and honestly did like it. I have a samsung captivate so yes slow updates are a problem, I too think google should review apps for malware before putting them on the market, now that we’ve seen instances of it actually getting on the market.
    But with any operating system you will never truly escape the threat of malware.
    I also would like to see more High End Google experience phones, I would get the nexus s if it wasn’t for it’s lack of and sd card slot.

  47. “Be careful what you download, check the ratings and comments, and mind the developer name and permissions. If anything looks suspicious, best to hold off.”

    ^^^ THAT.

  48. It’s not so much the iFanboys as the iTrolls that are a pain here. We really need an iTroll filter on phandroid.

  49. The only secure computer (and that’s exactly what we’re talking about here, even if some of us make the occasional phone call with them) :-)
    is the one that is unplugged and has the battery removed.

    Because of that, users have to check what permissions each app wants, the comments, how new it is, who the developer is, etc.

    ToastNJam has a sane approach: get the apps you actually need, not every app you can find to download. Then stick with them. Unfortunately for me, I tend to fall on the other end of the spectrum. I love to explore new apps (For example, do you know how many cool carpenters level apps there are?), and because of that, I need to take all the precautions I can, including a virus checker. So far, so good. And my only sideloading experiences are with systems apps from trusted sites and developers. I don’t visit GetAppsHereSinceYesterday.com.

    Bottom line, no matter the OS: Android, iOS, Windows, Linux, etc., and no matter the defensive tools available, only one person can keep me safe–me.

  50. There’s another thing I always do when recommending an app that helps with the social engineering part of the problem (that is, the part that says “…they were designed to be easily confused with already popular games”).

    Multiple apps can have the same name (For example, see Advanced Task Manager apps, one by ARRON LA, another by INFOLIFE LLC). So I always specify the developer as well as the app name. That helps with easily confused “near miss” app names, too. I just wish all the books/magazines would do the same.

  51. Anyone downloading an app called Hilton Sex Sound should know full well they’re about to get a virus

  52. @ Iqueen , you just have a crush on Steve jobs and probably place your i*on vibrate to play with yourself to a picture of that hideous chud. when apple collapses from his the weight of his iron fist ( which I’m sure you fantasize about being deep in your rancid sphincter) all I can say is… I-toldyaso

  53. @ Iqueen , you just have a crush on Steve jobs and probably place your i*on vibrate to play with yourself to a picture of that hideous chud. when apple collapses from the weight of his iron fist ( which I’m sure you fantasize about being deep in your rancid sphincter) all I can say is… I-toldyaso

  54. Love the titles of some of those apps. U get what u deserve if you download screaming Japanese girls…

  55. @iKing
    Enjoy your brainwashed retardation. At least malware can be removed and remedied, sadly there isn’t any hope for you.

  56. Any “system” running whatever OS can be compromised…

  57. i was an iphone user only but having an open mind i checked out android and have just bought my second android phone and sold my iphone. android has so much more.i use lookout and avg antivirus.

Leave a reply

Your email address will not be published. Required fields are marked *

More in Apps