Plankton Malware on Android Apps

Ten more applications have been pulled from Google’s official Android Market after being found to contain a new kind of Android malware called “Plankton”. The legitimate applications are trojanized with malicious code, and once the app is installed, that code runs as a background service, gathering information and transmitting it to a remote server. The server returns a URL from which the malware downloads a payload .jar file that, once loaded, attempts to stay hidden by evading static analysis.

We can expect to see more attacks of this kind on mobile platforms: they provide direct access to banking information, as well as a potential conduit into the business, since these phones are used for account management and are often connected to computers and networks. The stealthy properties exhibited here can be expected to become the norm in most malware being developed.