Android's Fast Racing: Don't be deceived by these legit looking apps
Google needs to boost security system for Android
Racing fanatics had better not download the racing game Fast Racing for their Android-based tablets and smartphones.
A research team from North Carolina State University, headed by professor Xuxian Jiang, discovered early this month a trojanised app called Fast Racing, hiding malware which the team called 'GoldDream'.
According to Jiang, the new malware spies on SMS messages received by users as well as incoming/outgoing phone calls and then uploads them to a remote server without the user's awareness.
He adds that the malware also has bot capability: it fetches commands from a remote C&C server and executes them accordingly.
"We found that this malware has been circulating in a few alternative Android markets and forums targeting Chinese-speaking users. Some popular game apps (e.g., Draw Slasher and Drag Racing) have been repackaged to include this malware," Jiang said.
"For a game, this Trojanized version needs a lot of permissions, more than is typical for an app like this," Trend Micro analyst Kevin Alintanahin said in a blog post.
Alintanahin stated that when the phone boots, the malware will start its service named "Market", seemingly to trick the user into believing that it is just a harmless service.
Jiang notes that the GoldDream malware also exhibits bot behavior: it can receive commands from a remote server and then execute them accordingly. Based on their initial analysis, the commands GoldDream supports include:
* Sending SMS messages in background
* Making phone calls
* Installing/un-installing apps
* Uploading a file to remote server
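A static triage check for the traits described above (more permissions than a game needs, a service started at boot, SMS, call and install capabilities), as an added example that is not from the researchers or the original article. The permission mapping, the sample manifest and the package name `com.example.racing` are assumptions constructed for illustration, not GoldDream's actual manifest.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Assumed mapping from the behaviours reported above to Android permissions;
# it is an illustration, not the permission list of the real sample.
BEHAVIOUR_PERMS = {
    "reads incoming SMS": {P + "RECEIVE_SMS", P + "READ_SMS"},
    "monitors phone calls": {P + "READ_PHONE_STATE", P + "PROCESS_OUTGOING_CALLS"},
    "sends SMS in background": {P + "SEND_SMS"},
    "makes phone calls": {P + "CALL_PHONE"},
    "installs/uninstalls apps": {P + "INSTALL_PACKAGES", P + "DELETE_PACKAGES"},
}
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"

# Constructed sample: decoded manifest of a hypothetical repackaged game.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.racing">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.PROCESS_OUTGOING_CALLS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <service android:name=".Market"/>
  </application>
</manifest>"""

def triage(manifest_xml):
    """Return package, findings and declared services for a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    findings = [label for label, wanted in BEHAVIOUR_PERMS.items() if perms & wanted]
    # A receiver registered for BOOT_COMPLETED can start a service at boot.
    boot = any(a.get(ANDROID + "name") == BOOT_ACTION
               for r in root.iter("receiver") for a in r.iter("action"))
    if boot and P + "RECEIVE_BOOT_COMPLETED" in perms:
        findings.append("starts at boot")
    # Uploading collected data requires network access as well.
    if findings and P + "INTERNET" in perms:
        findings.append("has network access")
    services = [s.get(ANDROID + "name") for s in root.iter("service")]
    return {"package": root.get("package"), "findings": findings, "services": services}

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))
```

The findings are a reason to look closer at an app, not a verdict: legitimate apps can hold some of these permissions, so the signal is the combination in an app category that should not need it.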
Jiang said they have been in touch with a number of mobile AV companies, including Lookout, Symantec, and McAfee, among others, to detect and block this malware.
Highlighting the vulnerability of the Android security model, just last month Google removed 26 malware-infected apps from the Android Market. In March, Google removed 50 applications from the store that contained malicious code embedded in legitimate applications.
Security firm Lookout said that the malicious apps removed in June were likely created by the same developers who were responsible for a previous Android malware attack called 'DroidDream' back in March. Magic Photo Studio, Mango Studio, ET Team, BeeGoo, Droidplus and Glumobi were the six developers named as publishing malicious apps with names like Sexy Legs, Volume Manager, Quick SMS Backup and Tetris.
Tim Wyatt of Lookout, in a blog post, gave the following advice for avoiding malware:
* After clicking on an advertisement, pay close attention to the page and URL to make sure it matches the website it claimed to have sent you to.
* Only download apps from trusted sources, such as reputable app stores and download sites. Remember to look at the developer name, reviews, and star ratings. If they claim to have sent you to the Android Market, check to make sure you are actually in the Market before downloading anything.
* Be alert for unusual behavior on your phone. This behavior could be a sign that your phone is infected. These behaviors may include unusual SMS messages, strange charges on your phone bill or unusual network activity.
* Download a mobile security app for your phone that scans every app you download to ensure it's safe.
Google's Android, which just this year emerged as the top operating system platform for smartphones, has become a target for malware.
Manufacturers that have released Android-based phones include Samsung, Motorola, HTC, LG and ZTE. Samsung is now the second largest phone manufacturer after Nokia. Samsung has sold 3 million units of the Android-based Galaxy S II since the release in May this year.