Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Rogue apps inside Android Marketplace - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Rogue apps inside Android Marketplace

Android Marketplace is a place where users that own devices using the Android operating system can download a large variety of apps for the device. There has been reports of applications that have gone into Android Marketplace DroidDream infected with malware, which was rooting phones and stealing the IMSI and IMEA codes.

One of the favorite targets of attackers are mobile devices. They can use them as bridges to gain access to corporate data network. To minimize risks, it is important to establish a security baseline and place antimalware protection inside them. We have the example of Trendmicro Mobile Security for Android, Mcafee Mobile Security and Symantec Mobile Internet Security.

More information at and

-- Manuel Humberto Santander Peláez | | | msantand at isc dot sans dot org

Manuel Humberto Santander Pelaacuteez

195 Posts
ISC Handler
Mar 3rd 2011
One of the most interesting facts surrounding this incident is how few of the supposed antivirus products for Android detected anything at all.
Agreed, Mobile Anti-malware still seems to be leagues behind. I'm always a little disheartened when Symantec Mobile claims to be 'up to date' despite having 2 week old definitions.
I agree as well. At least a savy Android user can find anti-malware for thier devices. Windows 7 Phone has no anti-malware support to date and it's been on the market for over 6 months. Can we expect to see the same thing happening to them in the near future too?

14 Posts
Why would I need anti-malware on my device ? It is the AppStores job to ensure that they are not infecting users, and to use the kill switch when they find bad stuff.
It is complete waste to spend my valuable CPU cycles/battery on doing something that could easily be done centrally.
Just need a responsible Marketplace/AppStore.
Povl H.

79 Posts
That might be sufficient if you don't visit any web pages, never receive email or SMS, and only use your device to connect to the app store.
Povl H.
6 Posts
I totally agree with Scott! :-)
Povl H.
27 Posts

21 Posts

Sign Up for Free or Log In to start participating in the conversation!