"The apps were 'Trojanized,' for a better word," says Symantec's security response senior manager Tom Parsons. "With the phones being 'rooted,' the attacks can do almost anything, including pulling data off the phone."
Each of the apps were available for over 72 hours on the Market, and between 50,000 and 200,000 were downloaded by users during the time span.
All of the apps were infected with "DreamDroid," code that lets attackers take over Android smartphones, connect them to a command-and-control server and then issue orders.
Google has not yet used their ability to remotely remove malicious apps from phones, and has only used that power once, in June of last year.
Written by: Andre Yoskowitz @ 2 Mar 2011 15:18