Android Market rules let SndApp trojan slip through

Răzvan STOICA

September 29, 2011

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Android Market rules let SndApp trojan slip through

Bitdefender antimalware researchers Csaba-Zsolt Juhos and Vlad Ilie thoroughly documented SndApps as a trojan malware family – but Google doesn’t see it their way.

The first instance of a SndApps adware trojan was discovered and described by a NCSU team with  Assistant Professor Xuxian Jiang at the lead on July 4 this year and removed on July 17 by Google from the Android Market.

Yet, the applications have been returned and are still present in the Android Market, having underwent a few changes – such as the addition of “interestingEULAs and encryption for the haul of data they make off with.

Apparently, that’s all it took for Google to re-instate them on the market.

This, for an app that takes the phone’s IMEI, the victim’s  phone number  and e-mail address,  the network operator name and country code, encrypts  the stolen  information using AES/CBC  and uploads  it to a server controlled by the malware authors. This done, it proceeds to serve advertisements, in the form of notifications.

Not what you or I would call a legitimate app – yet the rigid rules set by Google make it possible for these programs to continue to be distributed, under the aegis of the Android Market.

tags


Author


Răzvan STOICA

Razvan Stoica is a journalist turned teacher turned publicist and technology evangelist. Recruited by Bitdefender in 2004 to add zest to the company's online presence.

View all posts

You might also like

Bookmarks


loader