Fake security fix is fake

By now most everyone knows that Google has addressed the Droid Dream malware mess in the Android Market, used the kill switch and issued a fix, and is in process of rolling out said fix to all affected users.  But since Android users in general are an impatient lot, some folks have been on the lookout for the files to manually install the fix instead of waiting.

Don't do it.

The folks at F-Secure have found that at least one of the so-called security patch files floating around is really just another trojan.  This is social engineering at it's finest -- use the promise of security to really make things worse.  You can read the gory details of the BgServ.A trojan found in the fake patch at the source link, but the important thing is that you need to wait for Google to push you the fix if you downloaded one of the infected files.  Like every other patch for the OS, whether it's an updated version of Android or something less glamorous like a security fix, only install files from Google's servers.

If you were affected by the malware, you should have received an email from big G, or will soon.  We have the full text of that message after the break, be sure to check that the sender is really Google, and sit tight.  They will get you all patched up. [F-Secure] Thanks Mike and Steven!

You are receiving this message to inform you of a critical issue affecting
your Android Market account.

Hello,

We recently discovered applications on Android Market that were designed to
harm devices. These malicious applications ("malware") have been removed from
Android Market, and the corresponding developer accounts have been closed.

According to our records, you have downloaded one or more of these
applications. This malware was designed to allow an unauthorized third-party
to access your device without your knowledge. As far as we can determine, the
only information obtained was device-specific (IMEI/IMSI, unique codes which
are used to identify mobile devices, and the version of Android running on
your device).

However, this malware could leave your device and personal information at
risk, so we are pushing an Android Market security update to your device to
remove this malware. You will soon be receiving a notification on your device
that says "Android Market Security Tool March 2011" has been installed. You
are not required to take any action from there, the update will automatically
run. You may also receive notification(s) on your device that an application
has been removed. Within 24 hours of receiving the update, you will receive a
second email confirming its success.

To ensure this update is run quickly, please make sure that your device is
turned on and has a strong network connection.

For more details, please visit the Android Market Help Center at
http://market.android.com/support/bin/answer.py?answer=1207928

Regards,
The Android Market Team

©2011 Google, Inc.
1600 Amphitheatre Parkway
Mountain View, CA  94043

Email preferences:  You are receiving this email to notify you of a critical
issue affecting your Android Market account.

 
There are 19 comments

Gone24 says:

Seriously Google needs to get it together, it baffles me that this kind of stuff even made it to the market it the first place...

sookster54 says:

It's Windows 98 all over again

trenen says:

So sad...Android is 'officially' Windows for the mobile world. The more stuff like this gets reported, the more appealing and smart Apple's secure 'walled-garden' looks. Google says "do no evil" - but to me, allowing this kind of stuff because they don't want to regulate the market is evil in its own way.

eRoc#AC says:

Please check your facts before reporting garbage to scare everyone. This malicious app was on a third-party marketplace in China. Not the Android marketplace.

Please read the post before commenting.

eRoc#AC says:

Google's letter is referring to the 50 apps removed from the Android Marketplace a few days ago, not this new malicious app that poses as a Google update. That malicious app was found in a third-party marketplace in China, not the Android marketplace. I've re-read your article several times and it does not mention this.

"But since Android users in general are an impatient lot, some folks have been on the lookout for the files to manually install the fix instead of waiting.

Don't do it.

The folks at F-Secure have found that at least one of the so-called security patch files floating around is really just another trojan. "

HAAS599 says:

I am having trouble finding the source link. Where is it on the page?

NM, it's before the beginning of the letter.

Seems like everyone forgets that this whole issue was patched 4 versions ago and NONE of the manufacturers have updated their devices to address it.

If they had, the only news here is that some apps were 500k bigger than they should have been.

robertw0925 says:

Just flash a new rom and u r good to go

HAAS599 says:

Actually, the open market is doing it's job.

If you downloaded one of those dumb apps then you deserve a virus and if you went to some chinese site for a fix when Google issued their own that is very easy to download right on the market then you deserve an iphone.

trenen says:

It's not doing its 'job'. The original problem was from apps IN the Market, thus the whole removal procedure by Google.

mike340t says:

lol suckers really are suckers... don't worry someone will release a fake patch to fix that fix patch lol..

judasmachine says:

Come on folks. The big boy on the block is also the biggest target. You have to take security into your own hands. If you need big brother to do it for you, I suggest you get off the internet. Educate yourself, and wipe often.

waydavis says:

If they can get the IMEI codes, why couldn't some of this code be put to good use? Like locating mt stolen phone. I'm for sure gOOgle knows who has my phone. Just a thought.

waydavis says:

Not sure why the spam filter was applied to afore post?

thomashedd1 says:

Whats up with android central comments? Does any one realize that the names of who is commenting is all shifted in one direction?

Adjei says:

What else is now, Android is now turning to malware central.

jeffkoe says:

I'm an iOS user considering an Android Device. I've got to admit, I'm scared off for the time being. Considering that I have bank accounts, PayPal, eBay and tons of personal information on my iPhone, I WANT my smartphone to be uber secure. At the end of the day if I don't feel safe using all the functionality I pay for, why have the smart phone and pay for the expensive data plan? While I'm not saying Apple's way is the only way to have a secure smartphone, there has to be some effective means of securing user data in order for any platform to be viable.