Over 50 malicious apps found their way onto the Android Market, but have now been removed, according to reports.
Reddit contributor Lompolo was first to notice the issue, when he found 21 Android legitimate apps had been repackaged with an exploit known as "rageagainstthecage" designed to gain root access to users' devices.
A report from Android Police indicated that between 50,000 and 200,000 versions of the malicious apps could have been downloaded before Google pulled the plug.
The apps were able to steal device details such as IMEI numbers and could even download more code and install extra malware designed to take even more data from users.
Various apps released under the developer names "Kingmall2010, "we20090202 and "Myournet" were affected. In a follow-up blog post, Android Police claim that the exploits used no longer work under Android 2.3. If true, this incident highlights one of the disadvantages of the delays Android users often face in getting the latest operating system updates.
Google have removed the apps and banned the rogue developer it believes to be responsible from Android Market, reports indicated. The tech giant has also ensured the apps were remotely removed from the affected handsets.
However, Rik Ferguson, senior security advisor at Trend Micro, said just taking the apps offline may not help those who downloaded the infected apps.
"Of course this remote kill switch will not remove any other code that may have been dropped onto the device as a result of the initial infection," Ferguson said in a blog.
"So if you are one of the estimated 50,000 people who have downloaded these malicious apps it could be worth your while investigating the possibility of getting a replacement handset or reinstalling the operating system on the one you have if possible."
At the time of publication, Google had not responded to a request for comment on the situation.
There have been plenty of concerns over the security of the Android Marketplace, but before this there had not been any major issues.
Instead, most threats had been seen passing through third-party app stores.
As Android becomes more popular, however, the marketplace will become more of a target for cyber criminals.
Philip Dall, mobile security expert with internet security company BullGuard, said users should ensure where the app has come from in the first place.
"First and foremost, you should think twice before you download applications by finding out who uploaded it, check which rights and actions the app wishes to make use of, and consider whether this sounds right or not," Dall said.
"Secondly, you should install security software on your phone."
IT PRO recently warned about the potential security time bomb facing the plethora of app stores now open to consumers and businesses alike.
-
Microsoft issues bug fix one day before Windows 10 launchNews Update KB3074683 fixes Explorer crashing fault
-
Dennis partnership sees 12,500 schoolchildren get Windows 8 laptopsNews Felix Dennis and team have brokered a deal to give pupils in St Vincent and the Grenadines their own computers
-
Trend Micro shines light on growing number of malicious Android appsNews Security vendor flags rise in malicious Android apps during first six months of 2013.
-
Trend Micro: Five times more malware found on Android devices than PCs in 2012News Security software firm flags rise in Android threats last year.
-
Business users "must not ignore" Oracle Java 7 web browser flawsNews Security researchers claim business users could ignore advice to disable plug-ins over app stability fears.
-
Zero-day Windows flaw goes publicNews A zero-day vulnerability affecting all versions of Windows back to XP has been discovered.
-
Panda and Trend slam Microsoft MSE decisionNews Microsoft has been slated by two security firms for its decision to include a free MSE download with its Windows Update.
-
Firefox add-on spies on Google search resultsNews Using a browser other than Internet Explorer and think you’re safe? Not any more it seems.
