Symantec finds fake Google Android update

Google ’s latest update for its Android mobile oxygen look to already have been subvert by hackers , harmonise to the security vender Symantec .

Symantec found an program call in the “ Android Market Security Tool ” that is a repackaged translation of the legitimate update by the same name that removed the DroidDream malware from septic devices .

Thefake protection tool sends SMSes to a command - and - control waiter , save Mario Ballano of Symantec .

The company is still analyzing the computer code , which it receive on a third - company app market target at Chinese users .

“ What is shocking is that the threat ’s codification seems to be found on a projection hosted on Google Code and licensed under the Apache License , ” Ballano wrote .

The fake security pecker shows that hackers are taking an interest in Android , which is the immobile spring up mobile OS according to analyst Gartner . More than 67 million Android gadget were sold last year .

Google occupy the rarified step last workweek of forcing the “ Android Market Security Tool March 2011 ” onto devices to dispatch DroidDream . Typically , phone manufacturers and operator are creditworthy for issue update to equipment , not Google .

DroidDream could also download other code to a person ’s mobile phone . It used two exploits call “ exploid ” and “ rageagainstthecage ” to taint the headphone . Google has patched the vulnerability in Android versions above 2.2.2 , but many Android users do not have the latest version of the software system .

The “ Android Market Security Tool March 2011 ” does not actually fix the vulnerability that set aside DroidDream to infect phones but merely withdraw the malware , compose Timothy Armstrong , a junior malware analyst with Kaspersky Lab , in a blog mail service .

The treatment by Google also underline problems with how Android is updated , he wrote .

“ Due to the nature of Android in its current Department of State , it ’s very unmanageable and expensive to push security updates as you would on a desktop operating system like Linux or Windows , ” Armstrong write . “ Unlike iPhone , which installs fleck via iTunes , or Windows Mobile which use ActiveSync , Android work almost totally via over - the - air communication . ”

Google officials reach in London did not have an immediate comment .