Thursday, June 16, 2011

Spreading Malware Through the Android Market

Nice post [Spanish] written by SecurityByDefault, that explains how simple is the process of spreading malware through the Android Market.

It seems that people perceive the market like a safe place and a controlled software repository, but it is far from that. Once we create an account and we pay 20 Euros (Europe) we can upload applications without any control or restriction. Therefore, the only barrier is the user's criteria (weak!). In fact, some people downloaded the tested applications without advertising them!!!

The test consisted in uploading two applications that were fully functional, but with 'extra' functionality. Both pretended to be an inoffensive Fortune program, but it was more than that:


  • Quote It. It leaks the contact list through GET requests with the excuse of downloading the quotes. The mechanism is simple: Encrypt the data and leak it by using the cookies in the above HTTP requests.
  • Quote Slim. It opens a backdoor on port 8080, that permits to execute commands, access files, etc..

No comments:

Post a Comment