Stolen apps that root Android, steal data and open backdoors available for download from Google Market

To many of its fans, the openness and freedoms offered by the Android mobile operating systems is one of its main selling points. But that openness come with a price - it makes it easy for nefarious types to sneak malware into apps. And that's exactly what they are doing.

Redditor lompolo has stumbled upon a perfect example of that fact; he's noticed that a publisher has taken "... 21 popular free apps from the market, injected root exploits into them and republished." The really scary part? "50k-200k downloads combined in 4 days."

So take some free apps, inject them with malware and re-release them. It's that simple. Then profit! And there's almost no limit to what these apps can get away with:

I asked our resident hacker to take a look at the code himself, and he's verified it does indeed root the user's device via rageagainstthecage or exploid. But that's just the tip of the iceberg: it does more than just yank IMEI and IMSI. There's another APK hidden inside the code, and it steals nearly everything it can: product ID, model, partner (provider?), language, country, and userID. But that's all child's play; the true pièce de résistance is that it has the ability to download more code. In other words, there's no way to know what the app does after it's installed, and the possibilities are nearly endless.

Scary stuff. And remember, unlike the Android malware I blogged about yesterday, this code has been freely available for download from the official Google app market.

The publisher in question, Myournet, has been removed from the Android Market. Here is a list of affected apps:

• Falling Down
• Super Guitar Solo
• Super History Eraser
• Photo Editor
• Super Ringtone Maker
• Super Sex Positions
• Hot Sexy Videos
• Chess
• ????_Falldown
• Hilton Sex Sound
• Screaming Sexy Japanese Girls
• Falling Ball Dodge
• Scientific Calculator
• Dice Roller
• ????
• Advanced Currency Converter
• App Uninstaller
• ????_PewPew
• Funny Paint
• Spider Man
• ???

Also affected were the following apps by a publisher called Kingmall2010:

• Bowling Time
• Advanced Barcode Scanner
• Supre Bluetooth Transfer
• Task Killer Pro
• Music Box
• Sexy Girls: Japanese
• Sexy Legs
• Advanced File Manager
• Magic Strobe Light
• ??????
• ????Panzer Panic
• ????Mr. Runner
• ??????
• Advanced App to SD
• Super Stopwatch & Timer
• Advanced Compass Leveler
• Best password safe
• ???
• ????

And these by we20090202:

• Finger Race
• Piano
• Bubble Shoot
• Advanced Sound Manager
• Magic Hypnotic Spiral
• Funny Face
• Color Blindness Test
• Tie a Tie
• Quick Notes
• Basketball Shot Now
• Quick Delete Contacts
• Omok Five in a Row
• Super Sexy Ringtones
• ?????
• ?????
• ????

There's plenty that Android handset owners can do to stay safe (most of the advice consists of not removing safeguards put in place to protect them), but when it comes to the official download channel, Google needs to be doing more to protect Android users from malware.

If you've got apps from this publisher installed, it's probably a good idea to uninstall them. You also might want to contact your handset maker or phone company for help and advice.