Symantec is reporting that Google’s latest update for its Android mobile OS appears to already have been subverted by hackers. Symantec found an application called the “Android Market Security Tool” that is a repackaged version of the legitimate update by the same name that removed the DroidDream malware from infected devices. They are calling the malware BGserv.
The fake security tool sends SMS messages to a command-and-control server, according to Symantec. The company is still analyzing the code, found on a third-party application market targeted at Chinese users. The fake security tool shows that hackers are taking an interest in the fastest-growing mobile OS. More than 67 million Android devices were sold last year, according to Gartner. It used two exploits called “exploid” and “rageagainstthecage” to infect phones. Google has patched the vulnerabilities in Android versions above 2.2.2, but many Android users do not have the latest version of the software.
Google forced the “Android Market Security Tool March 2011” onto devices last week to remove DroidDream after more than 50 applications in Google’s Android Market were found to contain DroidDream. The malware steals information such as the phone’s International Mobile Equipment Identity (IMEI) number and the SIM card’s International Mobile Subscriber Identity (IMSI) number, sends it to a server located in Fremont, California, and allows the malware distributor to install other code onto the phone. Normally, phone manufacturers and operators are responsible for issuing updates to devices, not Google.