There’s been some talk in the last few days about malicious apps hitting Android. Most of those were distributed by 3rd party markets, not the official Android Market. The 21 apps were published by Myournet. These apps combined for over 50,000 downloads in 4 days before Google pulled them. Basically, these apps included a trojan that installed the rageagainstthecage root exploit to root your phone, then it would send your IMEI and IMSI information to a server based out of California. Then there’s another APK that tries to steal anything it can, including: product ID, model, partner (provider?), language, country, and userID. That APK also had the ability to download more code, which means they could have installed more things on your phone that could have potentially stolen more information.
The good news is that Google pulled these apps within 5 minutes of being contacted about them. The bad news is that they were downloaded over 50,000 times before anything was noticed, and it wasn’t even noticed by Google, which is the sad part. While the apps have been removed from the Market, Google also remotely pulled them from the devices they were installed on. For those that installed them though, there’s no way to know if anymore code was sent to your phone.
The offending apps from publisher Myournet:
Falling Down
Super Guitar Solo
Super History Eraser
Photo Editor
Super Ringtone Maker
Super Sex Positions
Hot Sexy Videos
Chess
下坠滚球_Falldown
Hilton Sex Sound
Screaming Sexy Japanese Girls
Falling Ball Dodge
Scientific Calculator
Dice Roller
躲避弹球
Advanced Currency Converter
App Uninstaller
几何战机_PewPew
Funny Paint
Spider Man
蜘蛛侠
Source: AndroidPolice