Researchers have identified a second large batch of apps in the Android Market that have been infected with the DroidDream malware, estimating that upwards of 30,000 users have downloaded at least one of the more than 30 infected apps. Google has removed the apps from the market.

There are at least 34 applications that researchers have found in the Android Market in the last few days that had a version of the DroidDream malware dropped into them. Once a user installs one of the infected applications, the malicious component, which researchers have dubbed DroidDream Light, will kick in once the user receives an incoming call. The malware then gathers some identifying information from the phone, including its IMEI number, IMSI number, packages installed and other data, and then sends it off to a pre-configured remote server.

There are apparently six developers whose apps have been infected with DroidDream Light in the last few days.

"Malicious components of DroidDream Light are invoked on receipt of a android.intent.action.PHONE_STATE intent (e.g. an incoming voice call). DroidDream Light is not, therefore, dependent on manual launch of the installed application to trigger its behavior. The broadcast receiver immediately launches the <package>.lightdd.CoreService which contacts remote servers and supplies the IMEI, IMSI, Model, SDK Version and information about installed packages. It appears that the DDLight is also capable of downloading and prompting installation of new packages, though unlike its predecessors it is not capable of doing so without user intervention," researchers at Lookout Mobile Security wrote in an analysis of the new version of the malware.

The list of infected apps includes:

Floating Image Free
System Monitor
Super StopWatch and Timer
System Info Manager
Call End Vibrate
Quick Photo Grid
Delete Contacts
Quick Uninstaller
Contact Master
Brightness Settings
Volume Manager
Super Photo Enhance
Super Color Flashlight
Paint Master
Quick Cleaner
Super App Manager
Quick SMS Backup
Tetris
Bubble Buster Free
Quick History Eraser
Super Compass and Leveler
Go FallDown !
Solitaire Free
Scientific Calculator
TenDrip

This is the second major incident involving DroidDream-infected apps in the Android Market. In March, Google pulled another large batch of infected apps from the market and later remotely removed from the devices of users who had downloaded them. It's not clear whether Google will use that capability again, but the company has not been shy about doing so in the past when malicious apps have been identified in the Android Market.

Source:
http://threatpost.com/en_us/blogs/droiddream-returns-dozens-infected-apps-pulled-android-market-060111

Free Cloud File Sharing : http://www.CloudBins.com
Cloud Hosting - Internet Security: http://www.ParagonHost.com