From Ars Technica: Google’s official app market found hosting malicious Android apps—again


Google has removed at least 15 Android apps from its official Play market after receiving outside reports they were malicious trojans that siphoned names, telephone numbers, and email addresses of every person in the phone’s contact list.

The apps, which were reported here by McAfee researcher Carlos Castillo, masqueraded as video players offering trailers of Android games and anime content. In the background and without warning, they also obtained the phone number and a unique identifier of the infected device and sent the information in clear text to a remote server under the control of the software developers. Statistics provided by Google Play (formerly the Android Market) indicated they had been downloaded at least 70,000 times, according to Castillo, who didn’t provide the name of the apps or the developers marketing them.

The discovery marks at least the second time Google servers have been caught distributing Android malware since the company announced a new cloud-based service that scours its online bazaars for malicious apps. Two weeks ago, a separate set of researchers found malicious extensions in the Google Chrome Web Store that could gain complete control of users’ Facebook profiles.

A Google spokesman declined to comment on Friday’s report from Castillo. Japanese researchers appear to have been the first to uncover the malicious apps, according to this translation from hatena.ne.jp.

The repeated discoveries of malware hosted on Google servers underscore the darker side of a market that allows anyone to submit apps with few questions asked. Whatever critics may say about Apple’s App Store, which is significantly more selective about the titles it hosts, complaints about malware aren’t one of them. Why outsiders are making the all-too-frequent discoveries of trojans in Google Play and the Chrome store before the company’s security team does is a question that has yet to be answered.

 
