NPC Seal
We use cookies to ensure you get the best browsing experience. By continued use, you agree to our privacy policy and accept our use of such cookies. For further information, click FIND OUT MORE.
I AGREE FIND OUT MORE
x
advertisement
Filtered by: Scitech
SciTech

Malware variant pretends to manage Android install files


A new variant of a malware targeting Google Inc.'s Android operating system is masquerading as an APK manager software. Computer security firm Trend Micro said the variant of DroidDreamLight was downloaded "50 to 100" times before it was yanked out of the Android Market. "The malware sample we found, detected as ANDROIDOS_DORDRAE.M, is inside an app called App Installer. Once executed, the main class of the app starts the malware service called AppUseService," it said in a blog post. APK is a file format used to distribute and install apps on Android. Trend Micro warned the malware service still runs even if the app is not executed, and that it can be started when an the device makes or receives a call. It said the malware gathers information from the device and then uploads it to its server when it phones home:

  • Device model
  • Device language setting
  • Country
  • IMEI (International Mobile Equipment Identity) number
  • IMSI (International Mobile Subscriber Identity) number
  • List of installed app together with the app name, package name, package version
But Trend Micro said it could not access the servers indicated in the malware during its analysis. Users can check if their phones are infected by going to Settings>Applications>Running Services, and manually remove the malware from their system by going to Settings>Applications>Manage Applications to uninstall the infected app. "Users are likely to encounter other Android malware posing as legitimate apps due to the Android Market’s 'open' nature," Trend Micro said. User intervention required Trend Micro said the DroidDreamLight variant does not use exploits and will need user intervention to install its downloaded components. It said there is a possibility the malware may masquerade as an update for an installed app. "Based on its code, the malware is capable of showing download/update notifications. That way, all it has to do is use the name of an application on the retrieved list of applications, and display the notification with a malicious link from the server," it said. — LBG, GMA News
Tags: android, malware
News
Voter's Education
Candidates
Find out your candidates' profile
Debates
Find the latest news
Stand on Issues
Find out individual candidate platforms
MyKodigo
Choose your candidates and print out your selection.
Voter's Profile
Voter Demographics
Most Popular