Google has just pulled 21 popular free apps from the Android Market. According to the company, the apps are malware aimed at getting root access to the user’s device, gathering a wide range of available data, and downloading more code to it without the user’s knowledge.
Although Google has swiftly removed the apps after being notified (by the ever-vigilant Android Police bloggers), the apps in question have already been downloaded by at least 50,000 Android users.
The apps are particularly insidious because they look just like knockoff versions of already popular apps. For example, there’s an app called simply “Chess.” The user would download what he’d assume to be a chess game, only to be presented with a very different sort of app.
These apps are all pirated versions of popular games and utilities — an expeditious solution for busy hackers. Once downloaded, the apps root the user’s device using a method like rageagainstthecage, then use an Android executable file (APK) to nab user and device data, such as your mobile provider and user ID. Finally, the app acts as a wide-open backdoor for your device to quietly download more malicious code.