The Google App store has been attacked once again by malicious software. This time no fewer than 25 affected apps have been found.
I understand the findings were announced by a mobile security company called Lookout. A spokesperson for the company believes the malware is likely to have been created by the same developer who created the DroidDream malware found last March. This was found in 50 Google Apps.
Lookout says that the malicious code is simpler this time than the previous incarnation. The company have nicknamed it DroidDream Light, and thinks that it has probably infected up to 120,000 Android users’ handsets.
Lookout also says that this awful malicious coding is activated after downloading simply by a phone call. In turn, information identifying the user from the infected handset is sent to one of three remote servers. I’m not sure how the company worked that out, but I am concerned though that a user’s unique identifiers together with information about programs installed on the handset is known.
What’s more the malicious application can also install even further malicious software. However in order to do so the user must confirm this is what they want. But how often are we guilty of just clicking yes, without really knowing what we are agreeing to in the first place?
How do you know your handset is infected? Lookout’s Chief Technology Officer Kevin Mahaffey told blogs.forbes.com “When you download apps, if some sexy girl app needs to access your phone’s state and identity, that’s a tip off something weird is going on.”