Anti-Malware Research

Android Market rules let SndApp trojan slip through

Bitdefender antimalware researchers Csaba-Zsolt Juhos and Vlad Ilie thoroughly documented SndApps as a trojan malware family – but Google doesn’t see it their way.

The first instance of a SndApps adware trojan was discovered and described by a NCSU team with  Assistant Professor Xuxian Jiang at the lead on July 4 this year and removed on July 17 by Google from the Android Market.

Yet, the applications have been returned and are still present in the Android Market, having underwent a few changes – such as the addition of “interestingEULAs and encryption for the haul of data they make off with.

Apparently, that’s all it took for Google to re-instate them on the market.

This, for an app that takes the phone’s IMEI, the victim’s  phone number  and e-mail address,  the network operator name and country code, encrypts  the stolen  information using AES/CBC  and uploads  it to a server controlled by the malware authors. This done, it proceeds to serve advertisements, in the form of notifications.

Not what you or I would call a legitimate app – yet the rigid rules set by Google make it possible for these programs to continue to be distributed, under the aegis of the Android Market.

About the author



Razvan Stoica is a journalist turned teacher turned publicist and technology evangelist. When Bitdefender isn't paying him to bring complex subjects to wide audiences, he enjoys writing fiction, skiing and biking. Razvan Stoica started off writing for a science monthly and was the chief editor of a science fiction magazine for a short while before moving on to the University of Medicine in Bucharest where he lectured on the English language. Recruited by Bitdefender in 2004 to add zest to the company's online presence, he has fulfilled a bevy of roles within the company since. In his current position, he is primarily responsible for the communications and community-building efforts of the Bitdefender research and technology development arm.

1 Comment

Click here to post a comment