'Trojanized' version of Google Android security tool found in China

Someone has modified a version of software Google released to clean up infected Android phones and released it on an unregulated marketplace in China, Symantec says.

Suspicious code is lurking in a repackaged Chinese version of a tool Google released last weekend to remotely clean malicious apps off Android phones, Symantec said today.

This "trojanized" package was found on an unregulated third-party Chinese marketplace and not on the official Android Market, Symantec said in a blog post.

After 58 malicious apps were found on the Android Market last week and downloaded onto about 260,000 devices, Google removed the apps from the market and then wiped them from the phones too.

Now, Symantec says someone appears to have taken the "Android Market Security Tool" used to clean up the devices infected with the malware, repackaged it and inserted code in it that seems to be able to send SMS messages if instructed by a command-and-control server.

It also looks like the code used in the new threat is based on a project hosted on Google Code and licensed under the Apache License, according to Symantec.

A Google spokesman provided this statement when asked for comment: "We encourage Android users to only install applications from sources they trust."

Several things should raise red flags for people with this threat -- it's not on the official, trusted Android Market and it requires a user to install it whereas the Google tool used an automatic push function to distribute the legitimate app.

The initial malware found on the Android Market, dubbed "DroidDream," not only could capture user and product information from a device but also had the ability to download more code capable of further damage.

"We have added detection for the trojanized version of Google's application as Android.Bgserv," Symantec said.

Meanwhile, a Kaspersky researcher has questioned the efficacy and methods of Google's Android security tool itself.

 

Join the discussion

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

HOT ON CNET

Find Your Tech Type

Take our tech personality quiz and enter for a chance to win* high-tech specs!