
SANS ISC: InfoSec Handlers Diary Blog



DroidDreamLight -> phone nightmare.

Published: 2011-06-02
Last Updated: 2011-06-02 15:59:34 UTC
by donald smith (Version: 1)
3 comment(s)

Kaspersky Lab's security news service, Threatpost, posted this recently:
https://threatpost.com/en_us/blogs/droiddream-returns-dozens-infected-apps-pulled-android-market-060111
“Researchers have identified a second large batch of apps in the Android Market that have been infected with the DroidDream malware, estimating that upwards of 30,000 users have downloaded at least one of the more than 30 infected apps. Google has removed the apps from the market.”


The user does NOT have to run the application to trigger the data theft. An incoming phone call can trigger it, because the call causes the android.intent.action.PHONE_STATE intent to be delivered to the app. When that occurs, data is extracted from the phone and sent to a remote site, including the IMEI, IMSI, installed package list and other data, and the malware can possibly install other applications.


Additionally, mylookout.com, a company that makes smartphone security software, posted an analysis of DroidDreamLight and a set of infected applications here:
http://blog.mylookout.com/
