Google Android security tool found repackaged with malware

In a what should actually not be a wholly unexpected turn of events, the Android Market security update – pushed to Android users whose devices where affected by one or more “trojanized” applications found on the official Android marketplace – has itself been repackaged with a Trojan and is being offered on some third-party Chinese marketplaces.

The application, called “Android Market Security Tool”, has been repackaged with suspicious code, and according to the analysis by Trend Micro‘s researchers, this malicious version opens a backdoor through which device information such as IMEI, its phone number and routine logs is uploaded to a remote URL.

But it doesn’t stop there. It can also modify call logs, intercept or monitor messages, download videos, and more, which could also lead to a very high phone bill for the user. One must only take a look at the permissions the application asks for to see that they can be misused in a myriad of ways:

Permissions asked from the legitimate application do not include receiving and sending text messages, pinpointing the location of the device and preventing the phone from sleeping.

Also, the legitimate Android Market Security Tool shows its version to be 2.5, while the malicious application says its version is 1.5. So far, this trojanized tool seems to be aimed exclusively at Chinese Android users.

It bears repeating that checking out any application’s permissions before installing it is a good idea, and if you spot something that strikes you odd or with a great potential for misuse, consider not installing it.

I would say that keeping to the official Android Marketplace is also a smart move – despite what happened last week. The odds for avoiding malicious application are better, at least.