As per reports from several sources, security experts announced that Google has pulled more than 50 malware-infected apps from its Android Market, but hasn’t yet triggered automatic uninstalls of those programs from users’ phones. This episode of large numbers of malicious Google apps is believed to have been originally discovered by a user of the popular news aggregation site Reddit who spotted the pirated apps, and another online source, Android Police, also took a close look and flagged it. Mahaffey calls it a “community response” to the malicious Google apps, which he notes has been one of the main forces working as a first responder to trouble. “The apps were ‘Trojanized,‘ for a better word,” said Tom Parsons, a senior manager with Symantec’s security response team. “With the phones being ‘rooted,’ the attacks can do almost anything, including pulling data off the phone,” he said, referring to the malware’s ability to gain root access to the devices. The apps were available for about four days on the Android Market, Google’s official app store. According to San Francisco-based smartphone security firm Lookout, between 50,000 and 200,000 copies of the apps were downloaded by users. All the apps were infected with the same malicious code, said Kevin Mahaffey, the CTO of Lookout, and came from three different publishers. The malware, dubbed “DreamDroid,” lets attackers compromise Android smartphones, then connect them to a command-and-control server (C&C) which can issue orders to the devices. In some cases, the malicious apps were pirated versions of legitimate Android software. Mahaffey called the appearance of so many infected apps on the official Android Market a turning point in mobile malware. “This was a tier 1 market that had a significant number of malicious apps that were downloaded a significant number of times,” he said. Previously, malware-infected Android apps, like the bogus “Steamy Window” app that Symantec discovered Monday, were posted on third-party download sites (not Google). Like other mobile app distributors, such as Apple, Google has the ability to flip a switch that remotely removes questionable or malicious apps from all Android smartphones. Google has pulled the uninstall switch at least once before, in June 2010. “Google’s very responsible with that power,” said Mahaffey, explaining why the apps have been pulled from the Android Market but not yet removed from users’ phones. “They want to make sure that it’s used only in cases when they’re sure they’re removing only malware.” A Google spokesperson said Google has suspended several developers for violations of its policies but was not going to discuss any statements made by others related to the Android sandbox at this time. Stay tuned for more news and info by following us on Twitter and/or by subscribing to our RSS Feed. Authors:

to know more click here