It's pretty bold and a cunning coup; criminals have installed a trojan in the Android Market Security Tool that Google is distributing to delete the contaminated apps that recently popped up on the Android Market. As users have been told to expect to see the application running on their phones clearing up the damage the Droiddream trojan did, there's a good chance they won't be suspicious of it. According to reports though, at present, the trojan-infested version of the tool is only in circulation on an "un-regulated third-party Chinese marketplace" and appears to only affect users of a particular Chinese mobile network.
According to an initial analysis by Symantec, the trojan contacts a control server and is able to send text messages if commanded to do so. According to F-Secure, BGServ (as the contaminant is called) also sends user data to the server after being installed.
Apps from sources other than the Android Market cannot, however, be installed unintentionally unless you explicitly enable the option to allow for installation from unknown sources. The version of the Android Market Security Tool with a trojan also asks, during installation, to be able to send text messages; fortunately, Android also tells you that this option could cost you money.
According to an initial analysis by Symantec, the trojan contacts a control server and is able to send text messages if commanded to do so. According to F-Secure, BGServ (as the contaminant is called) also sends user data to the server after being installed.
Apps from sources other than the Android Market cannot, however, be installed unintentionally unless you explicitly enable the option to allow for installation from unknown sources. The version of the Android Market Security Tool with a trojan also asks, during installation, to be able to send text messages; fortunately, Android also tells you that this option could cost you money.