Google moved to terminate the DroidDream malware attacks by invoking its remote removal application tool March 5. This will eliminate the apps from affected Android 2.1 and earlier devices.
Google March 5
remotely removed 58 malicious applications that affected smartphones based on
its Android 2.1 operating system and earlier versions, the latest of several
steps to blunt the malware.
Google March 1
learned of the suspicious programs, dubbed the DroidDream attacks, and removed
them from the Android Market, suspended the developer accounts responsible for
them and contacted police about the software.
The company
believes that the developers responsible were only able to grab codes used to
identify mobile devices and determine the OS version running on a device.
However,
because of "the nature of the exploits," Google believes the
attackers could access other data, so the company used its remote removal
application tool to protect those who downloaded a malicious application.
For the
DroidDream attack, Google is also pushing an Android Market security update to
seal the exploits to prevent the attacker from gleaning any more information
from affected devices.
Users whose
smartphones have been affected by the malware will get an e-mail from the
android-market-support@google.com team over the next 72 hours and also receive
a notification on their device that Android Market Security Tool March 2011 has
been installed. Some users may also receive notifications on their device that
an application has been removed.
Google isn't
stopping there either, promised Android Security Lead Rich Cannings, who said his team is adding more measures to prevent
malware using similar exploits and is working with its hardware partners to
provide the fix for the security issues.
"Security
is a priority for the Android team, and we're committed to building new
safeguards to help prevent these kinds of attacks from happening in the
future," Cannings said.
The attacks
manifested this week after Android 2.1 and earlier handsets became infected with the DroidDream Trojan when users
downloaded applications titled "Kingmall2010," "we20090202"
and "Myournet." The applications swiped device and OS
info and uploaded them to a remote server.
Google and
Apple frequently remove applications from their mobile
application stores for violating terms of service. But Google rarely has cause
to invoke its remote removal tool to expunge applications from users' devices,
an indication of how serious the DroidDream attack could have been.
Google first leveraged its remote application removal tool
last year to jettison from devices two applications created by a security
expert for research purposes.
As an open-source
platform, Android is under constant threat of exploitation. This makes shoring
up the Android Market and the devices it serves a trickier proposition for
Google, which frequently finds itself playing whack-a-mole with security threats.