[Cialug] Android market compromise

Josh More MoreJ at alliancetechnologies.net
Thu Mar 3 09:18:05 CST 2011 

There are two stories.  One is that, yes, they used misleading names.

The other is that they somehow overrode apps within the market so existing apps showed false "upgrades".

I'm not clear exactly what happened, but the uniform consensus is Google should look at things a bit more closely before approving apps.

Josh More | Senior Security Consultant - CISSP, GIAC-GSLC Gold, GIAC-GCIH
Alliance Technologies | www.AllianceTechnologies.net<http://www.AllianceTechnologies.net>
400 Locust St., Suite 840 | Des Moines, IA 50309
515.245.7701 | 888.387.5670 x7701

Blog: Don't just blame the bad guys, it's your fault too
http://www.alliancetechnologies.net/blogs/morej

How are we doing? Let us know here:
http://www.alliancetechnologies.net/forms/alliance-technologies-feedback-survey
________________________________
From: cialug-bounces at cialug.org [cialug-bounces at cialug.org] on behalf of Tom Pohl [tom at tcpconsulting.com]
Sent: Thursday, March 03, 2011 09:15
To: Central Iowa Linux Users Group
Subject: Re: [Cialug] Android market compromise

So let me get this straight. So, the market was't compromised, a new publisher uploaded malware and named their apps the same as other more popular apps in the store?

Thanks!
-Tom



On Mar 3, 2011, at 8:17 AM, Josh More wrote:


NO!

AVG put my phone into a reboot loop.  Use Lookout.




-----Original Message-----
From: Stuart Thiessen [thiessenstuart at aol.com]
Received: Thursday, 03 Mar 2011, 8:11
To: Central Iowa Linux Users Group [cialug at cialug.org]
Subject: Re: [Cialug] Android market compromise




A question ... I noticed there was an AVG for Android in the Market. Does that provide any real protection?

Thanks,

Stuart

On Mar 2, 2011, at 19:57 , Josh More wrote:

I've been following the android market compromise yesterday and today and finally found a reasonably complete list of the infected apps.  If you installed or updated any of the apps below in the last five days, your phone might be infected.  I have removed Chinese names from this list to limit the spam trap issue.  If you're installing non-English apps, check out the links.  The top link has the fix.  You can also fix this by upgrading to Android 2.3 (which may require you to root your phone and install a third party build like Cyanogen).


___Links___
http://forum.xda-developers.com/showthread.php?t=977154  <--- Protection is here

http://www.androidpolice.com/2011/03/01/the-mother-of-all-android-malware-has-arrived-stolen-apps-released-to-the-market-that-root-your-phone-steal-your-data-and-open-backdoor/

http://www.androidpolice.com/2011/03/02/update-on-the-malware-monster-droiddream-is-an-android-nightmare-and-weve-got-more-details/

http://blog.mylookout.com/2011/03/security-alert-malware-found-in-official-android-market-droiddream/



___List___
Advanced App to SD
Advanced Barcode Scanner
Advanced Compass Leveler
Advanced Currency Converter
Advanced File Manager
Advanced Sound Manager
App Uninstaller
Basketball Shot Now
Best password safe
Bowling Time
Bubble Shoot
Chess
Color Blindness Test
Dice Roller
Falldown
Falling Ball Dodge
Falling Down
Finger Race
Funny Face
Funny Paint
Hilton Sex Sound
Hot Sexy Videos
Magic Hypnotic Spiral
Magic Strobe Light
Mr. Runner
Music Box
Omok Five in a Row
Panzer Panic
PewPew
Photo Editor
Piano
Quick Delete Contacts
Quick Notes
Scientific Calculator
Screaming Sexy Japanese Girls
Sexy Girls: Japanese
Sexy Legs
Spider Man
Super Guitar Solo
Super History Eraser
Super Ringtone Maker
Super Sex Positions
Super Sexy Ringtones
Super Stopwatch & Timer
Supre Bluetooth Transfer
Task Killer Pro
Tie a Tie


Josh More | Senior Security Consultant - CISSP, GIAC-GSLC Gold, GIAC-GCIH
Alliance Technologies | www.AllianceTechnologies.net<http://www.AllianceTechnologies.net/>
400 Locust St., Suite 840 | Des Moines, IA 50309
515.245.7701 | 888.387.5670 x7701

Blog: Don't just blame the bad guys, it's your fault too
http://www.alliancetechnologies.net/blogs/morej

How are we doing? Let us know here:
http://www.alliancetechnologies.net/forms/alliance-technologies-feedback-survey
_______________________________________________
Cialug mailing list
Cialug at cialug.org<mailto:Cialug at cialug.org>
http://cialug.org/mailman/listinfo/cialug

_______________________________________________
Cialug mailing list
Cialug at cialug.org<mailto:Cialug at cialug.org>
http://cialug.org/mailman/listinfo/cialug

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cialug.org/pipermail/cialug/attachments/20110303/f3ec5114/attachment-0001.html>

More information about the Cialug mailing list