Repackaging legitimate apps with malware is standard operating procedure for cyber criminals, as the recent spate of malicious code in Android Market attests Mobile malware is still a minuscule part of the overall threat landscape in cyberspace, but as Google cleans up another major outbreak of malicious code in the Android Market, researchers are seeing some common characteristics of the programs.Over the weekend, mobile security firm Lookout discovered that nearly three dozen apps available through the Android Market contained a stripped-down version of the DroidDream malware that infected devices in March. The new Trojan, dubbed DroidDream Lite (DDLite), sends information about the infected phone to a central server, but does little else. Unlike the original DroidDream, it does not try to compromise the device by exploiting software flaws. Both programs were seeded in the Android Market using pirated programs in what has become a characteristic of these attacks, according to Kevin Mahaffey, chief technology officer for Lookout.“Repackaged applications have emerged as the de facto trend in how malware is spread in Android,” Mahaffey said. “It is hard to say how the person got ahold of the software, but the most likely scenario is … attacker downloads application from store, attacker puts malware in app and then uploads apps either to the Android Market or other download sites.” Unsurprisingly, techniques that have worked well in attacking PCs have been ported over to mobile malware. For example, code obfuscation is widely used to make the mobile malware more difficult to analyze, Mahaffey said. Another technique adapted from the PC world is that the Trojans are not attacks with a single purpose, but install a general-purpose program that can be updated with additional functionality.“Single purpose malware is something to the extent of, it gets on your phone and dials an expensive number,” he says. “We are seeing malware that does that, primarily emerging out of China, where it dials Chinese premiums numbers. But we are increasingly seeing more robust applications using a generic command-and-control infrastructure, where there is a lot of different things that the malware can do.”Another common trait is how attackers are targeting the Android Market. Rather than create Trojans of a single class of applications — say, games — they focus on a broad cross-section of programs. “It is a way to engineer a distribution,” says Mahaffey. “You create anything from system utilities to porn apps to picture viewers, and try to get a broad of a base as possible to install it. It is a social engineering tactic.”This story, “Android malware: Beware pirated apps,” was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter. MalwareTechnology Industry