Google Tool Cleans Up Mobile Malware ‘Dream’

Over the weekend www.mcafee.com/activate product key Google released the Android Market Security Tool to help clean up  devices infected with the DroidDream malware www.mcafee/activate. The Android/DrdDream family of malware used a pair of exploits (Expoit/LVedu and Exploit/DiutesEx) to gain root access on vulnerable mcafee.com/activate product key Android devices.  More than 50 Android applications were reported to be infected; all were pulled from the Android Market. The applications were all versions of legitimate mcafee.com/activate product key programs www.mcafee.com/activate download that were repackaged www.mcafee.com/activate by the malware authors with malicious code.

Android/DrdDream sends a collection of information (IMEI, IMSI, OS version, etc.) to the attacker and also attempts to mcafee.com/activate product key download additional  www.mcafee/activate payloads. Although the malware uses the pair of root exploits www.mcafee.com/activate, it doesn’t actually www.mcafee.com/activate download need root access to mcafee.com/activate product key send the data to the attacker www.mcafee.com/activate product key.

Inside the Android Market Security Tool

Google has its official www.mcafee.com/activate product key statement on the the tool on the www.mcafee/activate Android Market help site.  www.mcafee.com/activate download They list a number  mcafee.com/activate product key of steps they’ve www.mcafee.com/activate taken mcafee.com/activate product key to remedy Android/DrdDream (“March 2011 Security Issue”):

  • Suspending the developer accounts (three users) and removing www.mcafee.com/activate download the malicious applications from Android Market
  • Remotely uninstalling the malicious www.mcafee.com/activate apps from infected www.mcafee/activate devices
  • Pushing out the Android Market Security www.mcafee.com/activate product key Tool to infected devices

 

Disabling accounts, taking apps out  www.mcafee.com/activate of the store, and hitting the remote-app kill switch were www.mcafee.com/activate download already well known ways for handling bad Android  mcafee.com/activate product key apps www.mcafee/activate. Sending a security application www.mcafee.com/activate product key to a phone is a whole new addition to the toolbox.

As a security researcher I find it interesting to see how new security tools are put together, more so when they come from mcafee.com/activate product key an operating system www.mcafee/activate developer. Normally I dig into the internals of malware; this time I got to see inside a mobile malware removal tool. www.mcafee.com/activate download Google’s security tool is available www.mcafee.com/activate on the Android Market, so I was able to grab a copy for analysis.

The Android Market Security Tool is an Android app that also has a non-Dalvik native application mcafee.com/activate product key component called droidreamclean. Android/DrdDream drops a few additional files (native binaries, an additional APK, etc.) on an infected phone. Because the files www.mcafee.com/activate download are located outside of the app directory, simply uninstalling the www.mcafee/activate app won’t remove them from the phone www.mcafee.com/activate product key. Really cleaning the phone requires access to the file system at a level that standard Android applications can’t reach www.mcafee.com/activate. The security app  launches droid dreamclean to delete the additional files and restore some security settings.


Comments

Post a Comment

Popular posts from this blog

Introducing tracking prevention, now available in Microsoft Edge preview builds

Image
Today, we’re releasing an experimental preview of tracking prevention for Microsoft Edge. We features of build microsoft edge as one of the concepts we’re exploring www.mcafee.com/activate product key to offer greater transparency and control over your online data . Microsoft Edge Insiders can www.mcafee/activate now try out tracking mcafee.com/activate product key prevention by enabling the experimental flag on Microsoft Edge preview builds starting with version 77.0.203.0 (today’s Canary channel release).  (Note: Today’s Canary release www.mcafee.com/activate download is not currently www.mcafee.com/activate available for macOS due to a build issues. Tracking prevention will be available in the next update to the Canary channel on macOS.) Tracking prevention is designed to protect you from being tracked by websites that you aren’t accessing directly. Whenever a website is visited, trackers from other sites may save information in the browser ww...
Read more

Why businesses need to back up

Image
For almost any business, information is critical: documents, contacts, contracts, correspondence, accounts, and so on. Modern technologies help not only to manage business-critical data  www.mcafee.com/activate product key , but also to lose  www.mcafee/activate  it in the blink of an eye. For most companies, losing access to data means the suspension  www.mcafee.com/activate download  of all business processes  mcafee.com/activate product key , inevitably leading to lost profit, damage to reputation, and recovery costs. Rest assured, there is no shortage  www.mcafee.com/activate  of data loss scenarios out there waiting to happen — and almost none of them has anything to do with the quality of your equipment. Here are just a few. Ransomware An employee might click a malicious file downloaded from the Internet or an attachment in an e-mail sent by cybercriminals. Doing so doesn’t just encrypt data on the local machine; ransomware has a nasty habi...
Read more

Hackers and their motives

Image
It's  true that recent  www.mcafee.com/activate cyber attacks have ranged from the catastrophic effects of   that paralyze corporate mcafee.com/activate product key and urban functions www.mcafee.com/activate product key to  data www.mcafee/activate breaches that expose millions www.mcafee.com/activate download of customers. , I don't hear much about hackers themselves.  Not surprisingly, many  www.mcafee.com/activate hackers hide their identities because of their criminal activity www.mcafee.com/activate download.  But you might be surprised to find that not  www.mcafee/activate all hackers are bad.  There are all kinds of hackers in the www.mcafee.com/activate product key rapidly evolving field of technology.   The hacker's actions and their purpose are shown below.   White Hat Hacker: A   justice hacker and computer security expert who specializes in penetration testing and other technique...
Read more