As smartphones start to become as popular as desktop computers, so does the malware that attacks such platforms. The latest to hit the Android platform is known simply as BaseBridge. The malware is found in infected copies of popular Android apps such as QQ Doudizhu, Voice SMS, Drag Racing, Trader, Donkey Jump, Jungle Monkey, Gold Minor and many more. It can be easily embedded into other legitimate apps.
When an infected app is installed, the malware asks the user to upgrade the app. If the user chooses to do so, the malware installs itself in another area of the phone under the name “com.android.battery”. After the installation, a new prompt asks the user to restart the app in order to run it. Once the app is restarted, the malware is activated.
Upon activation, the malware starts three malicious services (AdSmsService, BridgeProvider and PhoneService) to communicate with a control server, from which it downloads a configuration list. It reads the related information from that list and dials calls or sends out SMS messages accordingly, incurring fees for the user. Meanwhile, the malware also blocks messages from the mobile carrier so that the user does not receive fee consumption updates in time, which means all malicious activity is carried out stealthily, without the user’s knowledge or consent. The malware may also insert messages into the inbox of a mobile device at a designated time.
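A defender-side check for the indicators named above, as an added example that is not part of the original article. It assumes the text output of `adb shell pm list packages` and `adb shell dumpsys activity services` as input; the function name, the confidence rule and the sample data are constructed for illustration.

```python
import re

# Indicators taken from the article: the dropped package name and the
# three component names it reports.
DROPPED_PACKAGE = "com.android.battery"
COMPONENT_NAMES = {"AdSmsService", "BridgeProvider", "PhoneService"}

# Android component names look like "com.example.app/.ClassName".
COMPONENT_RE = re.compile(r"([A-Za-z][\w.]*)/([\w.$]+)")

def find_indicators(package_listing, component_listing):
    """Return sorted (confidence, package, evidence) tuples from the
    `pm list packages` text and any text containing component names."""
    installed = {
        line.split(":", 1)[1].strip()
        for line in package_listing.splitlines()
        if line.startswith("package:")
    }
    hits = {}
    for pkg, cls in COMPONENT_RE.findall(component_listing):
        simple = cls.rsplit(".", 1)[-1]  # ".Foo" and "a.b.Foo" -> "Foo"
        if simple in COMPONENT_NAMES:
            hits.setdefault(pkg, set()).add(simple)
    findings = []
    if DROPPED_PACKAGE in installed:
        findings.append(("high", DROPPED_PACKAGE, "package installed"))
    for pkg, names in hits.items():
        # Assumption: one generic name (e.g. PhoneService) alone is weak
        # evidence; two or more of the three in one package is strong.
        level = "high" if len(names) >= 2 else "low"
        findings.append((level, pkg, ",".join(sorted(names))))
    return sorted(findings)

# Constructed sample input, not captured from a real device.
SAMPLE_PACKAGES = """package:com.android.settings
package:com.android.battery
package:com.example.dialer
"""
SAMPLE_COMPONENTS = """* ServiceRecord{41a0 com.android.battery/.AdSmsService}
* ServiceRecord{41b0 com.android.battery/.PhoneService}
* ServiceRecord{41c0 com.android.battery/com.android.battery.BridgeProvider}
* ServiceRecord{41d0 com.example.dialer/.PhoneService}
"""

if __name__ == "__main__":
    for finding in find_indicators(SAMPLE_PACKAGES, SAMPLE_COMPONENTS):
        print(finding)
```

A low-confidence finding only means a package reuses one of the class names and should be reviewed by hand before any action is taken.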
After the DroidDream incident earlier this year, which forced Google to take down malicious apps from the Android Market, it looks like Google might have to do the job again. As usual, there is no 100%-effective way to prevent viruses, just smart usage of your phone, especially if you like to download loads of apps. Remember to keep backups of important files in case you have to resort to a phone wipe or restore just to get rid of malware.