Google has taken down more than 50 infected programs from its official app store, Android Market.
Infected Android apps were pulled from the Android Market. Photo credit: Bonnie Cha/CNET News
The apps were seemingly legitimate programs with malware called DroidDream hidden inside; they were pulled on Tuesday, mobile security company Lookout said in a blog post on Wednesday. Between 50,000 and 200,000 users downloaded the infected apps, the company said.
"Unlike previous instances of malware in the wild that were only available in targeted alternative app markets, DroidDream was available in the official Android Market in addition to alternative markets, indicating a growing need for Android users to take extra caution when downloading apps," the blog post said.
Lookout analysed one of the infected apps, Bowling Time, and found that once a user runs it, device identifiers are sent to a command-and-control server: the International Mobile Equipment Identity (IMEI), the International Mobile Subscriber Identity (IMSI), the device model and the SDK version. The IMEI identifies the handset and the IMSI the SIM subscription, so together they let whoever runs the server track a specific device and subscriber.
The malware also appears to open a backdoor on the device through which it can download and run further code, and Lookout said it seems able to send other sensitive data to the command-and-control server as well.
DroidDream tries two publicly known local privilege-escalation exploits in succession, 'exploid' and 'rageagainstthecage', to break out of the Android application sandbox and gain root access. Exploid targets the udev/NETLINK hotplug handling on older Android builds (CVE-2009-1185), while rageagainstthecage abuses the adb daemon's unchecked setuid() call: once the process limit for the daemon's target user is exhausted, the privilege drop fails and a restarted adbd keeps running as root. Both had already been patched in later Android releases, so only devices that had not received those updates were exploitable.
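As an added example, not part of this article or of Lookout's analysis, the following C program illustrates the bug class that rageagainstthecage relied on: a root daemon that calls setuid() to drop privileges and ignores the result. The function names, the fake setuid()/geteuid() implementations used to exercise the failure path without root, and the example target uid 2000 are assumptions made for this illustration; it is not adbd's source code.

```c
/* Added illustration of the unchecked-setuid() bug class (the pattern
 * rageagainstthecage abused in adbd).  Everything here is example code:
 * the names, the fake kernel behaviour and the target uid are assumptions. */
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* setuid()/geteuid() are passed in as function pointers so the failure
 * path (EAGAIN when the target uid has hit RLIMIT_NPROC) can be exercised
 * deterministically, without root and without exhausting the process table. */
typedef int   (*setuid_fn)(uid_t);
typedef uid_t (*geteuid_fn)(void);

/* Vulnerable pattern: the return value of setuid() is ignored.  If the kernel
 * refuses the uid change, the daemon carries on believing it is unprivileged
 * while it is still root, and every client it serves gets root too. */
int drop_privs_unchecked(setuid_fn do_setuid, uid_t target)
{
    do_setuid(target);
    return 0;               /* always reports "privileges dropped" */
}

/* Hardened pattern: refuse to continue unless the change succeeded, and then
 * verify the effective uid instead of trusting the return code alone.
 * Returns 0 on success, -1 if the caller must abort rather than keep serving. */
int drop_privs_checked(setuid_fn do_setuid, geteuid_fn get_euid, uid_t target)
{
    if (do_setuid(target) != 0)
        return -1;          /* e.g. errno == EAGAIN: process limit exhausted */
    if (get_euid() != target)
        return -1;          /* belt and braces: we are not who we expected */
    return 0;
}

/* Fake kernel behaviour for the demonstration (assumptions, not real adbd):
 * the target uid's process limit is exhausted, so setuid() fails with EAGAIN. */
int fake_setuid_eagain(uid_t uid)
{
    (void)uid;
    errno = EAGAIN;
    return -1;
}

/* A setuid() that claims success but leaves us as root: caught only by the
 * post-condition check on the effective uid. */
int fake_setuid_lying(uid_t uid)
{
    (void)uid;
    return 0;
}

/* In both fake scenarios the process is still root. */
uid_t fake_geteuid_root(void)
{
    return 0;
}

int main(void)
{
    const uid_t target = 2000;   /* example unprivileged uid (assumption) */

    printf("unchecked drop, setuid fails: reports %d (still root!)\n",
           drop_privs_unchecked(fake_setuid_eagain, target));
    printf("checked drop, setuid fails:   reports %d (daemon aborts)\n",
           drop_privs_checked(fake_setuid_eagain, fake_geteuid_root, target));
    printf("checked drop, setuid lies:    reports %d (euid mismatch caught)\n",
           drop_privs_checked(fake_setuid_lying, fake_geteuid_root, target));

    /* Real system calls: setuid() to our own uid always succeeds. */
    printf("checked drop to own uid:      reports %d\n",
           drop_privs_checked(setuid, geteuid, getuid()));
    return 0;
}
```

The attack sequence this models is the one publicly described for rageagainstthecage: fill the target user's process quota by forking, kill the daemon so it restarts, and rely on its setuid() failing silently. The checked version removes the root cause on the daemon side; the process-limit trick then only causes the daemon to exit, which is a denial of service rather than a root shell.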
Google had no official statement at the time of writing. Previously, Google has said that the combination of the sandbox, user-authorised permissions and the ability for users to flag suspect software are sufficient security provisions to compensate for the dangers of allowing all developers to upload applications freely to the Android Market.
Hackers are targeting Android apps as the mobile platform gains in popularity, according to security company Symantec.