Security researchers have found more malware hosted in Google's official Android market, a discovery that once again demonstrates the limitations of a recently deployed scanning service designed to flag malicious apps before they can be downloaded by end users.
Android.Dropdialer, a trojan that racks up costly charges from forced calls made to premium phone numbers, was found in two separate titles that weren't caught for weeks, according to a blog post published Tuesday by Irfan Asrar, a researcher with antivirus provider Symantec. "Super Mario Bros." and "GTA 3 Moscow City," as the malicious apps were packaged, generated as many as 100,000 downloads, although Asrar didn't say if that figure was for each separate title or in aggregate.
"What is most interesting about this Trojan is the fact that the threat managed to stay on Google Play for such a long time, clocking up some serious download figures before being discovered," Asrar wrote. "Our suspicion is that this was probably due to the remote payload employed by this Trojan."
Continued : http://arstechnica.com/security/2012/07/more-malware-found-hosted-in-google-android-market/
New Android Malware Discovered in Google Play
More Malware Using a Remote Payload Discovered on Google Play
Trojan found being offered on Google Play for weeks
Trojan Hides on Google Play as "Super Mario" and "GTA 3 Moscow City"
@ Symantec's Security Response Blog:
Android.Dropdialer Identified on Google Play
Android Apps Get Hit with the Evil Twin Routine Part 2: Play It Again Spam