Google has removed 21 free applications from its Android Market after they were discovered to be malicious.
According to a report by CNN, the applications were designed to gain root access to the user's device, gather a wide range of available data and download more code to it without the user's knowledge.
The apps, which included titles such as Falling Down, Super Guitar Solo, Super Ringtone Maker, Super Sex Positions, Chess, Advanced Currency Converter and Spider Man, were downloaded by at least 50,000 Android users.
Rik Ferguson, senior security advisor at Trend Micro, said: “These include the rageagainstthecage exploit which is capable of gaining root access to the device. Not only do these Trojanised apps steal device details such as IMEI and IMSI, but they also install further hidden malware which siphons even more user information off the device and into the hands of criminals. Further research from Android Police reports that this second payload also contains a dropper capable of downloading further code.
“The Android app ecosystem is by definition open, there is a wide array of app stores available and apps can be published to the user community in minutes. This greater openness of the developer environment has been argued to foster an atmosphere of creativity, but as Facebook have already discovered it is also a very attractive criminal playground.”
David Harley, senior research fellow at ESET, said: “At a time when Gartner estimates that we'll have downloaded more than 17.7 billion mobile apps worldwide by the end of this year, I couldn't help thinking that Android users are likelier to pay for lax screening in the Android Market than users who are protected by reasonably strict application whitelisting.
“Well, it looks like that concern had some justification. I am not one for saying ‘I told you so’, but I told you so.”