26 applications containing a variation of the DroidDream Trojan have been found on the official Android Market and are believed to have been downloaded by at least 30,000 users.
Lookout researchers believe that they were created and uploaded by the same developers who were behind the original DroidDream onslaught back in March.
It seems that the stripped-down Trojan code was added to legitimate apps, which were then uploaded and made available via six developer accounts.
According to F-Secure researchers, the grafted code is triggered only after the infected phone receives a text message.
After that, it contacts remote servers and sends out information such as the phone model, its IMEI, IMSI, Software Development Kit’s version, and more.
“It appears that the DDLight is also capable of downloading and prompting installation of new packages, though unlike its predecessors it is not capable of doing so without user intervention,” add the Lookout researchers.
Even though Google has already pulled the trojanized apps from the Market, users are urged to always be careful when downloading apps – to avoid downloading them from untrusted sources, to look critically at the permissions they request, and to always be on the lookout for unusual behavior on their phone.
For a list of the affected apps found so far, go here.