Last March, malicious hackers infected Google Apps such as those available on the Android app store. This forced the company to withdraw 50 of its apps. A few weeks ago, a similar thing happened with 26 apps withdrawn.
I’ve now heard that the Android App Store has been attacked again. The numbers this time are small, I understand – just 10 applications. However, the attack is apparently different this time. Speaking with informationweek.com, Xuxian Jiang, an Assistant Professor in Computer Science at North Carolina State University who has been investigating this affair, explained that the new malware, called Plankton, doesn’t attempt to root Android phones. Instead he said “Plankton is the first one that we are aware of that exploits Dalvik-class loading capability to stay stealthy and dynamically extend its own functionality.”
He added “Its stealthy design also explains why some earlier variants have been there for more than two months without being detected by current mobile anti-virus software.”
What does this all mean in practice?
From what I understand, when a user fires his or her device up, the malware loads some “background service” that the user isn’t aware of. This “service” scrutinises the handset or other mobile device looking for private user data. This can include the device code. Once the information is found the malware then sends it back (again without the user’s knowledge) to a remote server.
The device is then ripe for direct hacking by anyone who gets hold of the user’s private details. This is all performed without any human intervention.