Apple fans get to have a little snicker here. One of the great strengths that Mac platforms offer over Windows PC platforms is their relatively infallibility when it comes to the dangers presented by the modern-day computer virus. It turns out that Google’s Android OS is a likely target for malicious programmers as well. Publisher Myournet has been removed from the Android Market by Google, along with its 21 apps that were a malicious trojan horse, Android Police reports.
Myournet actually took pre-existing apps from other developers, inserted the dangerous code and then repurposed those apps as its own releases. The pesky malware is actually rather dangerous, a root exploit that is able to steal all of the infected device’s data and even download more code for causing further mischief.
To its credit, Google reacted quickly and decisively upon learning the news. Android Police learned of the trojan from Reddit user lompolo. They alerted Google after verifying the claim and reported that the offending apps were pulled from the Android Market in less than five minutes.
Unfortunately, it was only quick enough to halt the further proliferation of Myournet’s attack. The 21 apps were popular ones, with more than 50,000 downloads overall. That same number of people now also have a deeply embedded trojan horse to contend with, though Android Police notes that plans are already in motion to develop a fix.
This is the tradeoff of offering an app marketplace with a less restrictive set of product guidelines. Apple’s draconian verification process for the App Store means you get less, but you worry less. That doesn’t mean it’s the best approach, but Android Marketplace users will certainly want to be more careful about what they download moving forward.
UPDATE: A list of the affected apps is below.
- Falling Down
- Super Guitar Solo
- Super History Eraser
- Photo Editor
- Super Ringtone Maker
- Super Sex Positions
- Hot Sexy Videos
- Chess
- 下坠滚球_Falldown
- Hilton Sex Sound
- Screaming Sexy Japanese Girls
- Falling Ball Dodge
- Scientific Calculator
- Dice Roller
- 躲避弹球
- Advanced Currency Converter
- App Uninstaller
- 几何战机_PewPew
- Funny Paint
- Spider Man
- 蜘蛛侠
Of all the thousands Trojan laced apps they only remove 21? Pfft
Wow good thing I have to remove the Hilton sex sound app… My right hand was getting so tired I don't know how much longer I could have gone for…
This is only the latest series of malware incidents in the Android Marketplace and it definitely won't be the last since anyone anywhere in the world is able to post anything to the store be it malicious software, spamware etc.
Here is a short list of some of the other malware that has been discovered hosted by the Android Marketplace over the last few years:
- More than 50 Android mobile banking apps in the Android Marketplace each targeted at a specific financial institution whose true purpose was phishing and identity theft.
- Mobile Spy and Mobile Stealth apps
- SMS Message Spy Pro and SMS Message Spy Lite spyware apps
- The 45,000 spamware apps clogging up the Android Marketplace (as noted by Appbrain)
In addition, there have been quite a number of malware apps and incidents in the wider Android community as well:
- the Geinimi botnet app that is infecting numerous Android apps on Chinese app stores and spreading around the world.
- Trojan-SMS.AndroidOS.FakePlayer.a, the Russian “Movie player” app that surreptitiously sent premium SMS texts from unsuspecting users
- Brand new HTC Magic phones infected with the Mariposa botnet and Conficker and a Lineage password-stealing Trojan that attempt to infect Windows PCs when connected over USB.
In contrast, despite hosting getting towards half a million apps and over 10 billion downloads, there have been Zero pieces of malicious software come through the iOS App Store. A 100% safety record. Not bad, and good reassurance for a public tired of virus-riddled PCs.
This demonstrates precisely some of the major advantages of the iOS platform. Having a trusted curator reviewing app submissions and rejecting spam, malware and poor coding has distinct advantages that often gets lost in the open/fragmented vs closed/integrated debate.
-Mart
Of all the thousands Trojan laced apps they only remove 21? Pfft
Damn, I guess I will have to uninstall my ‘Screaming Sexy Japanese Girls’ app…it was my fave too.
This really isn’t surprising, hackers would find the best target to be the most popular mainstream system that has a glut of inexperienced, uneducated users. The iphone users can have their sandbox and I will just keep avoid apps like “super advance checkbook and credit card balancer”
The common belief that Mac computers cannot get viruses has nothing to do with the phone os. It is nothing like the Mac os that you open with. That entire sentence is worthless. These are phones and are not nearly as sophisticated as a full os, and as a result are going to be more vulnerable to viruses. Anyway, macs can get viruses. Macs cannot get "pc" viruses because those are programed for a different platform.
One need read no farther than the second sentence to know the reporter is clueless. Viruses, worms and trojans are three distinct types of malware with three distinct attack vectors. Trojans are widespread regardless of OS because the average end user is so blasted ignorant and sometimes flat out stupid.
Actually, right up until that last paragraph, you were right, but decided to go toss in a fallacy about how the draconian App Store makes you safer from this sort of thing. That is simply not the case. Apple does not go through lines of code to check an app, so a seemingly innocuous app could sneak through something else as well. Remember the "flashlight" app that was also a tethering app if you knew the "code" to enable that feature? Well, that same sort of exploit could be use maliciously as well, and a trojan could just as easily get through Apple as well.
And while we are at it, please don't say that there simply aren't exploits for iOS. Remember, every hack used to Jailbreak an iPhone is an exploit of a flaw that can be used as well.
Do we need to be concerned about this? Of course? Are you safer having an iOS device? Don't kid yourself.
50,000 downloads of a trojan on android phones. 0 on iOS. iOS is safer.
The first virus found to infect iPhones was found in late 2009. Having a locked down source for apps is safer much like never leaving your house protects you from car accidents. The OS itself however is no safer.
50,000 Trojan downloads on android. How many people got an iPhone virus in '09?
The link to the android police contains all the apps involved..
This is amazing! The story is half bakes and hardly intelligent. ROOT EXPLOIT. This means that you have to have root access on your Android device. In a Apple world, this means that your device would have to have been jailbroken…. When making publications such as this then support the claim with definitions that are viable for debate.
The same threat is plausable under jailbroken iPhones and Cydia…unauthorized apps on Apples marketplace…
The difference here is that Android has a "open" community of developers who will help recognize issues such as this and properly reported to have this resolved.
Now if Google pays third parties to snoop around iphone jailbroken forums and find threats then we'd be hearing some interest claims..
Your and idiot. It attacks non-rooted phones using rageagainstthecage. In other words, in iPhone language, the bad software has jailbreak built into it, so that it takes over WITHOUT the user granting SU access.
I agree, though, with the open source community comments…this stuff is generally found fast and free fixes passed around…or are those fixes yet more viruses?
You got me…1ms after the post I attempted to edit…no dice. :-)