Nastier DroidDreamLight malware on the loose
A new variant of the DroidDreamLight malware targeting devices that run Google's Android operating system has been discovered, this time potentially with the ability to quietly install and uninstall packages.

Computer security firm Trend Micro said the new variant, found in a China-based third-party application store, is disguised as battery-monitoring and task-listing tools. "Please note ... that the apps are in English, so potential victims are not limited to users who understand Chinese," it noted in a blog post.

Trend Micro said its software can detect the malware as AndroidOS_DORDRAE.N. It said the code changes included information theft routines, whose targets can include SMS messages, call logs, contact lists and information related to Google accounts on the device.

The stolen information is stored and compressed in the /data/data/%package name%/files directory, and then uploaded to a URL contained in a configuration file. "Just like with previous variants, it also connects to a URL in the configuration file and then uploads other information about the infected device," it said.

Among the uploaded information are:
- Phone model
- Language setting
- Country
- IMEI
- IMSI
- SDK version
- Package name of the malicious application
- Information about installed applications