Wednesday, June 8, 2011

More infected Android apps appear in the wild

A Tokyo-based Symantec researcher claims to have discovered another batch of infected Google Android apps, subverted by what he calls the follow-up to the now-infamous DroidDream malware.

 

According to Irfan Asrar, this latest Android malware – Android.Lightdd – has been promulgated by several Google publisher accounts, although these all appear to have been disabled, he reports.

"The key point to note is that even though the news of the return of 'DroidDream' has created a bit of a stir with approximate high download rates being quoted – due to the fact that the threat was available through official channels – unlike its predecessor, this threat does not carry out any system level exploits and does not require the infected user to carry out any complex steps to restore the device back to the pre-infection state", he says in his latest security blog.

Lightdd, he adds, follows a formulaic pattern – in addition to containing the malicious code base, which runs as a service called 'CoreService', the repackaged app also contains a configuration file 'prefar.dat'.

The contents of this dat file, he notes, include three URLs, which the threat uses to establish the malicious host to contact, although all three IP hosts are now offline.
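The two indicators described above (a service named 'CoreService' and a bundled 'prefar.dat') can be checked statically when triaging an APK. The sketch below is an added example, not code from Symantec or the original post; the size limit, the `assets/` path, the `com.example` package names and the sample archives are constructed for illustration, and a match is a reason for closer analysis rather than a verdict, since 'CoreService' is a common name.

```python
import io
import zipfile

SERVICE_NAME = "CoreService"  # service name given in the article
CONFIG_NAME = "prefar.dat"    # configuration file name given in the article
MAX_MANIFEST = 4 * 1024 * 1024  # assumption: refuse to inflate larger manifests


def triage_apk(data: bytes) -> dict:
    """Report which of the two article indicators an APK (raw bytes) carries."""
    report = {"config_paths": [], "service_in_manifest": False, "error": None}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as apk:
            for info in apk.infolist():
                base = info.filename.rsplit("/", 1)[-1]
                # The article names no directory, so compare base names only.
                if base.lower() == CONFIG_NAME:
                    report["config_paths"].append(info.filename)
                if info.filename == "AndroidManifest.xml" and info.file_size <= MAX_MANIFEST:
                    manifest = apk.read(info)
                    # Compiled manifests store strings as UTF-8 or UTF-16LE.
                    needles = [SERVICE_NAME.encode(e) for e in ("utf-8", "utf-16-le")]
                    report["service_in_manifest"] = any(n in manifest for n in needles)
    except zipfile.BadZipFile as exc:
        report["error"] = str(exc)
    # Either indicator alone is weak; flag only when both are present.
    report["match"] = bool(report["config_paths"]) and report["service_in_manifest"]
    return report


def build_sample(files: dict) -> bytes:
    """Build a constructed in-memory archive standing in for an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, content in files.items():
            z.writestr(name, content)
    return buf.getvalue()


# Constructed samples: manifest bytes are placeholders, not real binary XML,
# and the assets/ location of prefar.dat is an assumption.
REPACKAGED = build_sample({
    "AndroidManifest.xml": b"\x03\x00" + "com.example.app.CoreService".encode("utf-16-le"),
    "assets/prefar.dat": b"\x00" * 16,
})
CLEAN = build_sample({
    "AndroidManifest.xml": b"\x03\x00" + "com.example.app.MainActivity".encode("utf-16-le"),
})
```

To triage a real file, pass its bytes, for example `triage_apk(open(path, "rb").read())`.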