Rootcager Trojan found on the official Android market
Free Android applications bundled up with malware have spilled over into the official Android marketplace.
According to Symantec, the malware in question can root the phone, harvest data and open backdoors – similar to the recent Geinimi Trojan spotted lurking on third-party Chinese Android app markets.
“The applications in question are popular free apps, bundled with malware, that have then been republished in the official marketplace under different application and publisher names,” says researcher Joji Hamada.
Google has jumped into the fray and removed the applications from the market, but according to Symantec’s sources somewhere between 50,000 and 200,000 downloads took place during the four days that the apps were available for download.
This new Trojan has been dubbed Rootcager because of the rageagainstthecage file included in the Android Package containing the affected apps.
Rageagainstthecage is a file that can also be used legitimately to root a phone so that users gain administrative rights, but in this case it’s used to allow the Trojan to do things like take screenshots, harvest IMEI and IMSI numbers and send them to remote sites, and drop a DownloadProvidersManager Android Package that will further execute downloads in the background.
For the full list of the potentially affected apps, go here. If you think you may have installed one of them on your device, check the installed apps against it or check the “running services” settings on your phone for the DownloadManageService started by an application.