Android Malware Removal Tool, Trojanized

Google has seen how in just a week its security package to remotely clean the malware of Android terminals has been modified. This modified version is available in some irregular app stores in China.

The fake security tool sent an SMS to a command and control server (hxxp://www.youlubg.com:81/Coop/request3.php) and from Symantec they assure that the threat code seems to be based on a project hosted in Google Code and licensed apache: http://code.google.com/p/mmsbg/

Although it is usually the manufacturers of terminals and operators who offer updates for the devices, last week Google launched "Android Market Security Tool March 2011" to remove DroidDream, a malware that contaminated about 50 applications from Android Market.

Among the objectives of DroidDream, steal information from the terminal where it is installed to send it to a server, but it is also capable of downloading code on a user's mobile phone. Google has already patched the vulnerabilities in Android versions above 2.2.2, but most Android users don't have the latest version of the software.

Security experts claim that "Android Market Security Tool March 2011" does not fix the vulnerabilities that allow DroidDream to infect terminals, but simply removes malware.

Security difficulties on Android

Criticism of Android continues to claim that patches cannot be installed locally. Due to the nature of the platform it is very expensive and difficult to perform security actulizations as they can be done on desktop operating systems, such as Linux or Windows, as well as on iPhone, where these patches are installed via iTunes.

Source: ITEspresso, ReadWriteWeb and Symantec

See original.