Lookout Mobile Security Identifies a Third Iteration of DroidDream Light (Malware Threat)
If there’s one thing you can say about the guys behind the DroidDream Lite malware attacks it’s that they are persistent. Lookout Mobile Security has identified a third round of the malware affected a very small number of Android handsets, however the threat has been removed. Again. And for now. Downloads are reported to be in the range of 1,000-5,000 and came on the backside of apps from a developer known as Mobnet.
For those of you who don’t have Lookout on your phone (shame on you), you’ll be wise to look through your apps to see if you have one of these four titles.
- Quick FallDown
- Scientific Calculator
- Bubble Buster
- Best Compass & Leveler
Lookout advises that there is an other app in the Android Market with a very similar name in Best Compass & Leveler. Please double check the package name of the app to determine if you are affected.
- GOOD: com.gb.compassleveler
- BAD: com.gb.CompassLeveler
As always, if you did have Lookout on your Android device, you’re safe and sound.
For those not aware of what DroidDream Lite does, here’s what Lookout has to say about it.
Malicious components of DroidDream Light are invoked on receipt of a android.intent.action.PHONE_STATE intent (e.g. an incoming voice call). DroidDream Light is not, therefore, dependent on manual launch of the installed application to trigger its behavior. The broadcast receiver immediately launches the <package>.lightdd.CoreService which contacts remote servers and supplies the IMEI, IMSI, Model, SDK Version and information about installed packages. It appears that the DDLight is also capable of downloading and prompting installation of new packages, though unlike its predecessors it is not capable of doing so without user intervention.
You might also like
AT&T and Samsung recently launched a new Android powered device which is known as the Infuse 4G, and it’s Samsung’s first ever 4G handset over at AT&T. It’s huge, good
A user over on the XDA forums who is a T-Mobile employee, got his hands on an LG G4 to apparently test the device. Fortunately for us, he wanted to post
Both the Android 1.0 SDK and the T-Mobile G1 announcements had some interesting tidbits that didn’t attract all the news coverage, but might impact you as an Android developer in the coming weeks and months.