Ten more applications have been pulled from Google's official Android Market following a notification that they contained a new kind of Android malware. The malware was discovered by Xuxian Jiang, an assistant professor at NC State University, and his team. As we have seen before, the malicious code is "grafted" onto legitimate applications, and once the app is installed, it runs as a background service whose goal is to gather information and transmit it to a remote server. The server takes the information into consideration and returns a URL from which the malware downloads a .jar file that, once loaded, exploits Dalvik's class-loading capability to stay hidden by evading static analysis.
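Because the payload arrives only at run time, static review of the host app can at best see that it is able to load downloaded code. The sketch below is an added example, not code from the researchers or from the original article: it parses the string table of a `classes.dex` file and flags apps that reference both a Dalvik class loader and network classes. The type lists, the `triage` and `build_sample_dex` names, and the sample input are assumptions made for illustration.

```python
import struct

# Type descriptors of the Dalvik runtime's dynamic loaders (assumed watch list).
LOADER_TYPES = {"Ldalvik/system/DexClassLoader;", "Ldalvik/system/DexFile;"}
# Network classes an app would need to fetch a remote .jar (assumed watch list).
NETWORK_TYPES = {"Ljava/net/URL;", "Ljava/net/URLConnection;",
                 "Ljava/net/HttpURLConnection;"}

def read_uleb128(buf, pos):
    """Decode one unsigned LEB128 value; return (value, next position)."""
    result = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        result |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return result, pos
        shift += 7

def dex_strings(buf):
    """Return every entry of the DEX string table."""
    if buf[:4] != b"dex\n":
        raise ValueError("not a DEX file")
    # string_ids_size and string_ids_off sit at header offsets 0x38 and 0x3C.
    count, table_off = struct.unpack_from("<II", buf, 0x38)
    strings = []
    for i in range(count):
        (data_off,) = struct.unpack_from("<I", buf, table_off + 4 * i)
        _, start = read_uleb128(buf, data_off)   # skip the UTF-16 length prefix
        end = buf.index(b"\x00", start)          # string data is NUL-terminated
        strings.append(buf[start:end].decode("utf-8", "replace"))
    return strings

def triage(buf):
    """Flag a DEX that can both reach the network and load code at run time."""
    found = set(dex_strings(buf))
    loaders, network = sorted(found & LOADER_TYPES), sorted(found & NETWORK_TYPES)
    return {"loaders": loaders, "network": network,
            "review": bool(loaders and network)}

def build_sample_dex(strings):
    """Constructed input: a DEX header followed by a string table only."""
    header = bytearray(0x70)
    header[:8] = b"dex\n035\x00"
    base = 0x70 + 4 * len(strings)
    ids = data = b""
    for s in strings:
        ids += struct.pack("<I", base + len(data))
        data += bytes([len(s)]) + s.encode() + b"\x00"  # 1-byte uleb128 length
    struct.pack_into("<II", header, 0x38, len(strings), 0x70)
    return bytes(header) + ids + data
```

A hit is a reason for manual or dynamic review rather than a verdict: legitimate apps also load code dynamically, and an app that reaches the loader through reflection with obfuscated strings will not match.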
This kind of stuff will be good for differentiation between marketplaces like Amazon App Store and Android Marketplace. I guess that the one that allows the user to be relatively safe without compromising app availability will get more money, or at least confidence, while buying/exploring.
Would be interesting to know which apps have been pulled…
What I want to know is where in the process between the developer submitting the app and the user installing it is the malware tacked onto the app?
Bluntly, who got pwned?