While investigating several Android Market applications that appeared to be duplicates, Reddit user lompolo discovered several apps that provide an extra, and definitely unwanted, service. The applications in question contain an exploit that, when downloaded, automatically root the Android handset. Not only that, the apps — 21 in total — also contain an embedded .apk file that can accept remote code and upload device information (like your IMEI) to a server in California. The malicious bundles were published by user Myournet and some of the individual applications have been downloaded over 50,000 times each. Once alerted of the potential malware, Google investigated and removed the code from the Market and users handsets. Unfortunately, that doesn’t have any effect on data already compromised by downloaders of the rogue applications. Google has yet to publicly comment on the incident.
UPDATE: More information about the exploit and affected applications can be found here.
