Tuesday, May 31, 2011

30,000 to 120,000 Android Users Affected by New Variant of Droid Dream Malware

Between 30,000 and 120,000 users of Android devices are believed to have been affected by new mobile malware that has its roots in the earlier scourge known as Droid Dream. This variant, called Droid Dream Light, appears to have been created by the same developers whose malware infected over 50 applications back in March. According to Lookout Security, the new malware was found in over 25 mobile applications, all of which Google has since removed from the Android Market.
Droid Dream "Light"

Droid Dream Light is a stripped-down version of the original DroidDream, says Lookout. Its malicious components are invoked upon receipt of an "android.intent.action.PHONE_STATE" intent, for example an incoming phone call. That means this variant does not depend on the user manually launching the malicious application to trigger it into action. Instead, Lookout explains in a blog post:
"The broadcast receiver immediately launches the <package>.lightdd.CoreService which contacts remote servers and supplies the IMEI, IMSI, Model, SDK Version and information about installed packages. It appears that the DDLight is also capable of downloading and prompting installation of new packages, though unlike its predecessors it is not capable of doing so without user intervention."
In other words, despite the malware's designation of "Light," in some ways it's actually more malicious, because it requires no user action in order to launch.

Read more: Read Write Web