Fake Google Android Update Appears Online
Symantec has identified suspicious code within a repackaged version of the "Android Market Security Tool", an application designed by Google to undo the side effects caused by Android.Rootcager.
The Android.Rootcager application was automatically pushed to devices of users who had downloaded and installed infected applications, Symantec said.
The suspicious repackaged version of the "Android Market Security Tool" was found on an unregulated third-party Chinese marketplace, Symantec added. This threat seems to be able to send SMS messages if instructed by a command-and-control server located at the following address:
hxxp://www.youlubg.com:81/Coop/request3.php
Symantec is currently analyzing the application. However, the threats code seems to be based on a project hosted on Google Code and licensed under the Apache License: http://code.google.com/p/mmsbg/, the security firm said.
The suspicious repackaged version of the "Android Market Security Tool" was found on an unregulated third-party Chinese marketplace, Symantec added. This threat seems to be able to send SMS messages if instructed by a command-and-control server located at the following address:
hxxp://www.youlubg.com:81/Coop/request3.php
Symantec is currently analyzing the application. However, the threats code seems to be based on a project hosted on Google Code and licensed under the Apache License: http://code.google.com/p/mmsbg/, the security firm said.
