Malicious cloned games attack Google Android Market

Filed Under: Android, Malware, Mobile, SophosLabs

Android marketIn the world of Android, a successful attack on applications hosted on Google's Android Market is equivalent to a successful attack using Black hat search engine optimization routines, which are often seen in Windows malware, primarily in fake anti-virus software.

By exploiting the reputation of the most reputable content source, Android Market or a search engine, attackers can build a platform for launching attacks, often in the hope of making some money.

The latest two-pronged attack on the Android Market was launched by a malicious developer Logastrod. Logastrod exploited the ease of cloning Android apps, made "trojanized" copies of many popular games and uploaded them to the Market.

The attacker created at least a dozen copies of the most popular games and published them as a free version after adding code to send SMS messages to premium line numbers.

Logastrod permissions

The malicious apps were published to the market early in the morning yesterday in pacific time, most probably to allow the attacker for more time before the applications are removed by the Google security team.

The list of cloned games included:

  • Cut the Rope FREE
  • Assassin’s Creed® Revelations
  • Where's My Water? FREE
  • Riptide GP FREE
  • Great Little War Game FREE
  • World of Goo FREE
  • Angry Birds FREE
  • Shoot The Birds FREE
  • Talking Tom Cat 2 Free
  • Bag It! FREE
  • Talking Larry the Bird Free
  • Talking Larry the Bird

Misusing premium SMS services is the most common model for malicious mobile malware. When a malicious app is installed, it starts sending or receiving messages, which makes the installation very expensive for the user. The damage is often seen only when it is too late, once a monthly bill is received.

After more than a day on the market, the applications were pulled off by the Android Market security team. Google's reaction has been quick, but not quick enough - at least ten thousand users downloaded one of the malicious apps from the list.

Need for speed stats

We have already stated several times that the requirements for becoming an Android developer that can publish apps to the Android market are far too relaxed. The cost of becoming a developer and being banned by Google is much lower than the money that can be earned by publishing malicious apps.

The attacks on Android Market will continue as long as the developer requirements stay too relaxed.

, , , , , , ,

You might like

4 Responses to Malicious cloned games attack Google Android Market

  1. Robert Gracie · 1396 days ago

    Thanks for the heads up guys I know thanks to this I will be a lot more careful when dealing with the android market place

  2. Andri · 1396 days ago

    Will Google actually delete the these programs from the users devices who installed them and then refund them I wonder? Lets hope they do for their sakes.

  3. Dan · 1395 days ago

    I guess users aren't that capable of telling obvious fakes when they see them. The image shown in this article is one of the best examples of something that nobody should be able to fall for. I mean come on, a World of Goo image with the text saying that it is Need for Speed Shift?

  4. Less than 2 day response time "isn't quick enough"? Bull shit. If it were another company, this info probably wouldn't even be public yet. Not pointing the finger at any fruit named companies.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Vanja is a Principal Virus Researcher in SophosLabs. He has been working for Sophos since 1998. His major interests include automated analysis systems, honeypots and malware for mobile devices. Vanja is always ready for a good discussion on various security topics.