Experts at the security firm Lookout Mobile have detected a new variant of DroidDream, the dangerous Trojan that in March was found lurking in the official Android Market, infecting more than 50 apps with rogue data-stealing code.
This time it’s called DroidDreamLight, but don’t let the name fool you, this Trojan is just as nasty as its heavier predecessor.
Spotted this past weekend (May 28 – May 30), DroidDreamLight has already wormed its way into 24 Android apps, affecting between 30,000 and 120,000 customers.
DroidDreamLight works much the same way as the original DroidDream, harvesting users’ sensitive phone data and downloading malicious code to affected phones from remote servers.
Infected Apps Found in Google’s Android Market
The apps infected by DroidDreamLight include Super StopWatch and Timer, System Info Manager, Floating Image Free and System Monitor, all made by Mango Studio
From the developer E.T. Tean, the Call End Vibrate app is corrupted, and from BeeGoo, the bad apps include Paint Master, Quick Photo Grid, Super Photo Enhance and Super Color Flashlight.
In addition, DroidDreamLight has hit several more salacious apps from Magic Photo Studio, including HOT Girls 1 and Sexy Legs.
Lookout Mobile urges Android customers to take extra precautions when downloading apps, and recommends reviewing the developer’s name, reviews and star rating, and checking the permissions each app requests before installing it.
“Use common sense to ensure that the permissions an app requests match the features the app provides,” Lookout wrote on a company blog.
Lookout also warns users to be aware of any “unusual” text message or network activity on your phone, as these could be symptoms that you’ve accidentally downloaded DroidDreamLight.