Google Tool Cleans Up Mobile Malware ‘Dream’
Over the weekend Google released the Android Market Security Tool to help clean up devices infected with the DroidDream malware. The Android/DrdDream family of malware used a pair of exploits (Exploit/LVedu and Exploit/DiutesEx) to gain root access on vulnerable Android devices. More than 50 Android applications were reported to be infected; all were pulled from the Android Market. The applications were all versions of legitimate programs that were repackaged by the malware authors with malicious code.
Android/DrdDream sends a collection of information (IMEI, IMSI, OS version, etc.) to the attacker and also attempts to download additional payloads. Although the malware uses the pair of root exploits, it doesn’t actually need root access to send the data to the attacker.
Inside the Android Market Security Tool
Google has its official statement on the tool on the Android Market help site. They list a number of steps they’ve taken to remedy Android/DrdDream (“March 2011 Security Issue”):
- Suspending the developer accounts (three users) and removing the malicious applications from Android Market
- Remotely uninstalling the malicious apps from infected devices
- Pushing out the Android Market Security Tool to infected devices
Disabling accounts, taking apps out of the store, and hitting the remote-app kill switch were already well-known ways of handling bad Android apps. Sending a security application to a phone is a whole new addition to the toolbox.
As a security researcher I find it interesting to see how new security tools are put together, more so when they come from an operating system developer. Normally I dig into the internals of malware; this time I got to see inside a mobile malware removal tool. Google’s security tool is available on the Android Market, so I was able to grab a copy for analysis.
The Android Market Security Tool is an Android app that also has a non-Dalvik native application component called droidreamclean. Android/DrdDream drops a few additional files (native binaries, an additional APK, etc.) on an infected phone. Because the files are located outside of the app directory, simply uninstalling the app won’t remove them from the phone. Really cleaning the phone requires access to the file system at a level that standard Android applications can’t reach. The security app launches droidreamclean to delete the additional files and restore some security settings.