Two weeks ago, I reported about a new Dell Streak malware infection plaguing the Android Market called DroidDreamLight. While many Streak users were worried by the outbreak of this new virus and its predecessor, DroidDream, Android malware was still regarded as a relative anomaly.
Well, unfortunately for us Streak lovers, it appears that once again we're at risk of getting one of two new Android viruses, Plankton and YZHCSMS, via the download of a seemingly legitimate app from the Android market.
Plankton is a super-stealthy piece of malware that, upon being downloaded to your phone with a legitimate application, accesses your Device ID, along with all the permissions you've allowed the app to access, and sends them off. Plankton is then sent a payload that runs and uses the host app's permissions to access runtime browsing information, bookmarks, and information about the inner workings of your Streak.
Plankton also appears to be capable of delivering more bad software to your unsuspecting Streak–including root exploits, which could be used to cause some real damage.
Like Plankton, YZHCSMS installs itself onto your phone by piggybacking onto a seemingly-harmless app, but that’s where the similarities stop. YZHCSMS retrieves a phone number from a remote sever–often times an expensive premium number–and sends it an SMS text message every 50 minutes. You'd think you could check your phone bill and find all these charges, but YZHCSMS tries to hide the evidence by deleting the texts they send, as well as billing messages your carrier would send you.
Both of these nefarious programs may still be lurking in apps on the Market, so be sure to only download apps from trusted developers.[The Abstract]