Two weeks after the discovery of the Android malware package dubbed 'DroidDream Light', a more recent malware package named 'Plankton' has appeared. This was disclosed by Xuxian Jiang, an Assistant Professor in North Carolina State University's Computer Science Department. The malware exploits a gap in Dalvik memory during the 'virtual machine' process on Android. Its existence went undetected for nearly two months by traditional mobile antivirus software packages, he added. He also warned Google about it on 5 June, and more than 10 infected applications have been found in the Android Market. The applications have now been removed from the market pending further investigation.

Google spokesman Randall Sarafa added that the company is aware of and has suspended some suspicious applications in the Android Market, and that it removes infected applications and the accounts of developers who have violated its policies.

How the Plankton Invasion Bug Works
This malware was first encountered by Jiang's team. It exploits Dalvik's handling of memory when an application is loaded, which allows it to remain hidden and undetected and to dynamically expand the functionality of the infection. Dalvik is an integrated part of the Android operating system. Its function is to convert an Android application into a 'Dalvik Executable' before the application is executed.

The malware becomes active when the application is started. It works by collecting information, including the device ID and the list of permissions that the user has granted to the infected application, and then sends it back to the controlling server in an HTTP POST message. The server then returns a URL containing 'Plankton' for downloading a file in JAR (Java Archive) format, which contains commands in the form of Dalvik bytecode. For reference, a plain JAR file is used to distribute Java applications or libraries as Java class files together with associated metadata and resources such as text and images.

Once the JAR file has been downloaded, it is dynamically loaded directly into the running system. This deceives static analysis (as performed by antivirus software), so that software packages which have in fact been infected become difficult to trace.

Jiang's team also wrote that they found two ways in which Plankton infects a device. The first supports only the basic bot commands associated with remote control by the server, and does not provide 'root' exploitation of the Android system. These commands can carry out various operations on infected Android devices, such as gathering all bookmark information (including history), installing and removing 'shortcuts' on the 'home screen', and collecting runtime records of the Android applications on the device. The second is a function for collecting user accounts that can be called at any time. Combined with the dynamic loading of new payloads, a hacker could steal all the data listed in the user account and could exploit 'root' on the system, allowing the system's 'root' to be changed and leaving the system unstable.
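
The check-in and download sequence described above (an HTTP POST from the device, followed by the download of a JAR file) can be searched for in web proxy logs. The following Python is an added example, not code from Jiang's team or from the original article; the log format, host names, addresses and the 60-second window are constructed assumptions.

```python
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed proxy log lines (not real traffic): time, client, method, URL, content type.
SAMPLE_LOG = """\
2011-06-10T09:00:01 10.0.0.5 POST http://c2.example.test/checkin text/plain
2011-06-10T09:00:04 10.0.0.5 GET http://c2.example.test/files/plankton_v1.jar application/java-archive
2011-06-10T09:01:00 10.0.0.7 GET http://cdn.example.test/lib/util.jar application/java-archive
2011-06-10T09:02:00 10.0.0.9 POST http://api.example.test/login application/json
2011-06-10T09:30:00 10.0.0.9 GET http://dl.example.test/PAYLOAD.JAR?id=7 application/octet-stream
2011-06-10T09:40:00 10.0.0.8 POST http://stats.example.test/report text/plain
2011-06-10T09:40:20 10.0.0.8 GET http://other.example.test/update.jar application/octet-stream
"""

WINDOW = timedelta(seconds=60)  # assumed maximum gap between check-in and download


def is_jar(url, content_type):
    """True when the response looks like a Java archive by path or MIME type."""
    path = urlparse(url).path.lower()  # query string is ignored on purpose
    return path.endswith(".jar") or content_type.lower() == "application/java-archive"


def find_post_then_jar(log_text, window=WINDOW):
    """Return (client, post_url, jar_url) where a JAR fetch follows a POST within `window`."""
    last_post = {}  # client -> (time, url) of that client's most recent POST
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than abort the scan
        stamp, client, method, url, ctype = parts
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue  # unparseable timestamp
        if method == "POST":
            last_post[client] = (when, url)
        elif method == "GET" and is_jar(url, ctype) and client in last_post:
            post_time, post_url = last_post[client]
            # The JAR may come from a different host than the POST target,
            # because the server's reply supplies the download URL.
            if timedelta(0) <= when - post_time <= window:
                hits.append((client, post_url, url))
    return hits


if __name__ == "__main__":
    for hit in find_post_then_jar(SAMPLE_LOG):
        print(hit)
```

This is a heuristic: it only narrows down which devices and applications to examine, since a POST followed by a JAR download is not by itself proof of infection.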
Symantec has warned that Android is one of the operating systems that have become a main target for hackers. This is due to the rapid growth of applications in the Android Market, which has far exceeded the growth of applications in the iTunes App Store. Google's action so far has only been to stop infected applications by removing them from the market.

This is far from ideal according to security software practitioners. Tom Kellerman, Chief Technology Officer at AirPatrol, said that 'Google must respect the way the security environment (security net) works and provide security fixes (maintain the security net) before consumers are harmed'. The nature of an online application market allows hackers to easily hide malware (code harmful to devices) and phishing (theft of data via email), and millions of consumers have been victimized by Android malware, added Alicia DiVittorio, a spokeswoman for Mobile Security.

Stephen Gates, Director of Field Engineering at Top Layer Networks, recommends that Google force application developers to take care when building applications, and then create a security feature in the Android Market, such as 'Pre-scanned', before applications can be downloaded.