Android malware resurfaces on Market and Chinese app stores

Security experts are again warning users to beware of rogue Android applications circulating on the official Android Market and various Chinese app stores.

Xuxian Jiang, assistant professor at the computer science department of North Carolina State University, warned of new Android malware dubbed HippoSMS which sends text messages to premium rate numbers and even deletes messages from the operator warning of the high charges for doing so.

The threat has not been found in the official Android Market, but it is targeting Chinese mobile users by appearing in several app stores in the region, and several leading mobile anti-virus products fail to detect it, said Jiang.

"HippoSMS directly piggybacks the host app so that when the app is launched, it will immediately activate one service to send SMS messages to a hard-coded premium-rated number (1066******)," he wrote in a research note.

"After that, it registers one ContentObserver to monitor incoming SMS messages. Inside theContentObserver, it will delete any SMS message if it starts with the number '10'.

Such numbers, Jiang noted, usually represent legitimate Chinese phone service providers which typically notify customers about account balances.

Meanwhile, on Friday, researchers at Lookout Security warned that a new version of the infamous DroidDream malware had appeared briefly on the Android Market.

The latest threat, which is a version of the DroidDream Light variant spotted in June, was seen in four applications published by a developer named MobNet and may have been downloaded by as many as 5,000 smartphone owners.

The malware has the ability to download other apps, visit malicious URLs and even download updated versions of itself, according to Lookout Security.

"Similar to the first samples of DroidDream Light, these samples are not reliant on the manual launch of the infected application to start," the firm wrote in a blog post.

Android's relatively open ecosystem and lack of security vetting for applications uploaded to the Android Market mean that the platform is getting an increasingly bad name when it comes to malware.

Security firm Trusteer branded Android a "fraudster's heaven" and said that as many as one in 20 iOS and Android devices could be infected by 2012.

Eddy Willems, security evangelist at G Data, argued that the discoveries are evidence of Android's growing popularity worldwide.

"As is the case with computer malware, cyber criminals and anti-virus vendors are in a constant rat race concerning mobile operating platforms, with new, unknown attacks always around the corner," he told V3.co.uk.

"Securing your device with mobile security software is smart, because it protects against the attacks that are known. However, users must also be cautious when downloading apps and accessing their online banking accounts."