Malware in sheep?s clothing has been infecting Android devices. The dangerous apps have been pulled from the Android Market, but not before tens of thousands of users had been bitten.
A Trojan embedded in look-alike apps used a root exploit to gain access to the phone?s data and to download more malicious code. They use an Android executable file (APK) to snag user and device data. The apps have been deleted from phones, but the residue can still cause problems. Google is reported to be working on that.
Concerns and notifications reportedly came from a developer, a Reddit user, and finally the Android Police, according to eCommerce Times. The disguised apps are all pirated versions of popular games and utilities. The app publisher Myournet is being blamed for many of the fictitious apps.
You should also be concerned about apps from a developer named "we20090202" and a publisher "Kingmall2010". The apps include Super Ringtone Maker, Magic Strobe Light, Funny Face, and, ironically, App Uninstaller. Many of the rouge apps contain the enticing word "Sex". You can find a full list of the fake apps at PC Magazine’s Security Watch.
Although Apple is thought to have tighter security than Android, Neil Shah, analyst for wireless devices strategies at Strategy Analytics, warned: "There have been instances where a bunch of third-party apps on the App Store have been quarantined after reported security threats, and higher threats loom for the jailbroken devices."
Google also moved fast once a threat had been identified. Chris Hazelton, research director for mobile and wireless at the 451 Group, commended: "The actions taken by Google to quickly — once identified – remove the apps listed in Android Market and remotely wipe these apps from users’ devices shows that Google does have substantial security tools."
Symantec warns that Android malware is increasing. They give Android.Pjapps as another example that goes after Android devices. It is a Trojan that has back door capabilities. These apps spread via compromised versions of legitimate applications. You can see an example at Symantec’s site of how a revised Steamy Window can fool you into believing it is the real thing.
Many experts noted that the openness of Android was great for developers, not so great for users. Nor do they feel it is ready for prime time in the Enterprise market, due to such security concerns.