Jump to content

DroidDream malware found on Android Market

Guest dwl99

By Guest dwl99
in ZTE Blade / Libra - Blade.MoDaCo.com

 Share

Recommended Posts

Guest Lew247

Guest Lew247

Posted
Posted

old news about the malware

Google removed the affected apps within 5 minutes of it being reported and also banned the people who's apps they were

Aparently Google can also remotely removed the apps from people's phones that had installed them

I've seen some reports that said they did this but not sure of how reliabe the info is.

Guest dwl99

Guest dwl99

Posted
Posted

Even if the apps are removed from the phone the malware stays.

Guest Swimmerboy

Guest Swimmerboy

Posted
Posted
Even if the apps are removed from the phone the malware stays.

Yea, from the report I read the affected apps had the ability to root the phone (if not already) then download and install additional stuff. Removing the original app would leave the malware still there.

Guest The Soup Thief

Guest The Soup Thief

Posted
Posted

I asked this in another thread and got no reply

Can anyone shed any light?

Going to the Android Market's web portal https://market.android.com/ always seems to set of a Cerificate Error alert for me wherever I try to access it from

There is a problem with this website's security certificate.

The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

We recommend that you close this webpage and do not continue to this website.

Click here to close this webpage.

Continue to this website (not recommended).

More information

If you arrived at this page by clicking a link, check the website address in the address bar to be sure that it is the address you were expecting.

When going to a website with an address such as https://example.com, try adding the 'www' to the address, https://www.example.com.

If you choose to ignore this error and continue, do not enter private information into the website.

For more information, see "Certificate Errors" in Internet Explorer Help.

Obviously you can sail past this, but I just find it surpirising to be getting this on a google site - anyone else get the same?

Guest dwl99

Guest dwl99

Posted
Posted
I asked this in another thread and got no reply

Can anyone shed any light?

Going to the Android Market's web portal https://market.android.com/ always seems to set of a Cerificate Error alert for me wherever I try to access it from

Obviously you can sail past this, but I just find it surpirising to be getting this on a google site - anyone else get the same?

I accessed it with Firefox with no problems

Guest Swimmerboy

Guest Swimmerboy

Posted
Posted
I asked this in another thread and got no reply

Can anyone shed any light?

Going to the Android Market's web portal https://market.android.com/ always seems to set of a Cerificate Error alert for me wherever I try to access it from

Obviously you can sail past this, but I just find it surpirising to be getting this on a google site - anyone else get the same?

Looking at the certificate it seems that they've used a wildcard certificate (*.google.com) and not realised that the website they're securing isn't on this domain (market.android.com). Feel free to get in touch with google about this if it's bothering you, other than that there's not much you can do as the problem's at their end.

Guest The Soup Thief

Guest The Soup Thief

Posted
Posted
I accessed it with Firefox with no problems

Humm - thanks for the feedback

Accessing from home with Chrome and other places with IE I get that warning 100% consistently, when I'm not even logged in to the google (so it can't know it's me yet - unless google's all seeing eye is further developed than I thought)

Can still get to it, but it just strikes me as very odd to get this warning first

Anyone else ever see it on other browsers?

I'll try on firefox this evening

Guest Swimmerboy

Guest Swimmerboy

Posted
Posted (edited)
I accessed it with Firefox with no problems

Me too, and Firefox thinks it's got the correct certificate but internet explorer and the android browser both complain.

<Edit> Just compared - Firefox thinks the certificate is Valid from 05/01/2011 at 22:47:32 until 05/01/2012 at 22:57:32

On the other hand IE thinks it's valid from 05/01/2011 at 22:45:09 until 05/01/2012 at 22:55:09

I can't even think of a method to had out different certificates to different browsers but this seems to be what's happening. If you check the serial numbers of the certificates:

FF: 4D3BAFFA000300002199

IE: 4D3980B7000300002161

Edited by Swimmerboy
Guest The Soup Thief

Guest The Soup Thief

Posted
Posted
Me too, and Firefox thinks it's got the correct certificate but internet explorer and the android browser both complain.

Lets see if it is a widespread problem. Don't you think its odd that Google should set up a high profile website like this and have this clunkiness in it? (and that it still ain't fixed a couple of months on from launch - though I've seen no other complaints about it, leading me to have wondered if it's just me)

Guest Swimmerboy

Guest Swimmerboy

Posted
Posted
Lets see if it is a widespread problem. Don't you think its odd that Google should set up a high profile website like this and have this clunkiness in it? (and that it still ain't fixed a couple of months on from launch - though I've seen no other complaints about it, leading me to have wondered if it's just me)

Happens to me too via IE and Android (over different connections) and the certificate doesn't match so it should be affecting everyone.

Guest oh!dougal

Guest oh!dougal

Posted
Posted

Could we have a different thread for discussion of Google's httpS security certification issues?

This thread being about market-supplied malware -- does anyone have a test for telling whether your phone is infected?

Guest Swimmerboy

Guest Swimmerboy

Posted
Posted
Could we have a different thread for discussion of Google's httpS security certification issues?

This thread being about market-supplied malware -- does anyone have a test for telling whether your phone is infected?

Dont know if there's a way to do it automatically, but looking into /system/app and comparing it with the Rom you flashed, and looking in /data/app and ensuring that you know what all the apps do would be a good start.

Guest dwl99

Guest dwl99

Posted
Posted (edited)
Could we have a different thread for discussion of Google's httpS security certification issues?

This thread being about market-supplied malware -- does anyone have a test for telling whether your phone is infected?

I found this http://tinyurl.com/4hhnt6k

EDIT - DroidDreamKiller from the Market will check your phone for the malware

Edited by dwl99
Guest BArtNimal

Guest BArtNimal

Posted
Posted
I found this http://tinyurl.com/4hhnt6k

EDIT - DroidDreamKiller from the Market will check your phone for the malware

the infected apps were all cracked versions of paid apps that had extra bits of malicious code added, so if you tried to get some 'free paid' apps from the official market chances are that you are infected.

if you got apps from trusted people (as in people with loads and reviews and stuff - similar to the ebay rating) you are safe. one could argue its not the market that was abused, but the gullibility and greed of the people.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept