Several months after Google pulled a long list of titles from the Android Market to help protect users against Malware, the platform has reportedly been targeted by a fresh scam. Security software company NetQin claims to have found malware contained in over 20 Android apps, causing devices to auto-dial phone numbers or send text messages that lead to unwanted fees.
The malware, referred to as BaseBridge, is said to be attached to legitimate applications, installing itself after users are asked to upgrade. Aside from the auto-dialing capabilities, the malicious code is also credited with blocking fee notifications from carriers. Handsets utilizing 360 Safeguard reportedly show false warning notifications that the software tool is not running properly.
At the same time xperts at the security firm Lookout Mobile have detected a new variant of DroidDream, the dangerous Trojan that in March was found lurking in the official Android Market, infecting more than 50 apps with rogue data-stealing code.
This time it’s called DroidDreamLight, but don’t let the name fool you, this Trojan is just as nasty as its heavier predecessor.
Spotted this past weekend (May 28 – May 30), DroidDreamLight has already wormed its way into 24 Android apps, affecting between 30,000 and 120,000 customers.
DroidDreamLight works much the same way as the original DroidDream, harvesting users’ sensitive phone data and downloading malicious code to affected phones from remote servers.
Lookout Mobile urges Android customers to take extra precautions when downloading apps, and recommends reviewing the developer’s name, reviews and star rating, and checking the permissions each app requests before installing it.
The list of infected apps includes titles such as QQ Doudizhu, Voice SMS, Drag Racing, Trader, Donkey Jump, Jungle Monkey and Gold Miner, among others
