All these days people have been cursing Apple’s app review policy and saying that Google’s Android Market is open and better. Well, here is a slap on the face of the open Android market. The publisherÂ Myournet has been publishing scary malware apps that root your phone and steal your data. According to Android Police, the apps have the ability to steal your phone’s IMEI/IMSI, Product ID, Model, Partner (Carrier/Manufacturer), Language, Country and User ID. What’s even more scary is thatÂ the apps can download more malware code from the Internet which can do pretty much anything to anything in your phone
Myournet had published 21 free apps in the Android Market that accounted for 50k-200k downloads in just 4 days. As of now they have been taken off the market but here is a list in case you want to see whether you’ve already downloaded any of the app.
The malware apps were discovered by Reddit userÂ Lompolo whoÂ explained the situation as follows.
Link to publishers appsÂ here. I just randomly stumbled into one of the apps, recognized it and noticed that the publisher wasnâ€™t who it was supposed to be.
Super Guitar Solo for example is originallyÂ Guitar Solo Lite. I downloaded two of the apps and extracted the APKâ€™s, they both contain what seems to be the “rageagainstthecage” root exploit â€“ binary contains string “CVE-2010-EASY Android local root exploit (C) 2010 by 743C”. Donâ€™t know what the apps actually do, but canâ€™t be good.
I appreciate being able to publish an update to an app and the update going live instantly, but this is a bit scary. Some sort of moderation, or at least quicker reaction to malware complaints would be nice.
EDIT: After some dexing and jaxing, the apps seem to be at least posting the IMEI and IMSI codes toÂ http://220.127.116.11:8080/GMServer/GMServlet, which seems to be located in Fremont, CA.
Looks like Google needs to start monitoring the Android Market more seriously. Such openness is not welcome.
Liked this article? Like us on Facebook!