If there’s one thing you can say about the guys behind the DroidDream Lite malware attacks it’s that they are persistent. Lookout Mobile Security has identified a third round of the malware affected a very small number of Android handsets, however the threat has been removed. Again. And for now. Downloads are reported to be in the range of 1,000-5,000 and came on the backside of apps from a developer known as Mobnet.
For those of you who don’t have Lookout on your phone (shame on you), you’ll be wise to look through your apps to see if you have one of these four titles.
- Quick FallDown
- Scientific Calculator
- Bubble Buster
- Best Compass & Leveler
Lookout advises that there is an other app in the Android Market with a very similar name in Best Compass & Leveler. Please double check the package name of the app to determine if you are affected.
- GOOD: com.gb.compassleveler
- BAD: com.gb.CompassLeveler
As always, if you did have Lookout on your Android device, you’re safe and sound.
For those not aware of what DroidDream Lite does, here’s what Lookout has to say about it.
Malicious components of DroidDream Light are invoked on receipt of a android.intent.action.PHONE_STATE intent (e.g. an incoming voice call). DroidDream Light is not, therefore, dependent on manual launch of the installed application to trigger its behavior. The broadcast receiver immediately launches the <package>.lightdd.CoreService which contacts remote servers and supplies the IMEI, IMSI, Model, SDK Version and information about installed packages. It appears that the DDLight is also capable of downloading and prompting installation of new packages, though unlike its predecessors it is not capable of doing so without user intervention.