- Jan 24, 2011
- 9,378
Only a couple of days after Google published its Android Market Security Tool - that removes all malicious applications infected with Droid Dream malware and prevents their installation - a malicious version of the tool appeared on alternative Chinese application markets.
The Trojanized version of the tool is packaged with open source Java code taken from a project hosted on Google's own online source code repository. The project includes functionality to send MMS messages in the background, for example, when the device boots up.
A suspicious user will immediately notice the difference between the fake and the real Android Market tool if they check the permissions required at installation.#
While the original tool only requires three permissions, the Trojanized version requires additional permissions for "Services that cost you money" as well as the device location.
More details - link
The Trojanized version of the tool is packaged with open source Java code taken from a project hosted on Google's own online source code repository. The project includes functionality to send MMS messages in the background, for example, when the device boots up.
A suspicious user will immediately notice the difference between the fake and the real Android Market tool if they check the permissions required at installation.#
While the original tool only requires three permissions, the Trojanized version requires additional permissions for "Services that cost you money" as well as the device location.
More details - link
