By now most everyone knows that Google has addressed
the Droid Dream malware mess in the Android Market


,
used the kill switch


and issued a fix, and is in process of rolling out said fix to all affected users. But since Android users in general are an impatient lot, some folks have been on the lookout for the files to manually install the fix instead of waiting.

Don't do it.

The folks at F-Secure have found that at least one of the so-called security patch files floating around is really
just another trojan


. This is social engineering at it's finest -- use the promise of security to really make things worse. You can read the gory details of the BgServ.A trojan found in the fake patch at the source link, but the important thing is that you need to wait for Google to push you the fix if you downloaded one of the infected files. Like every other patch for the OS, whether it's an updated version of Android or something less glamorous like a security fix, only install files from Google's servers.

If you were affected by the malware, you should have received an email from big G, or will soon. We have the full text of that message after the break, be sure to check that the sender is really Google, and sit tight. They will get you all patched up. [
F-Secure


] Thanks Mike and Steven!


Fake Android security fix is really another trojan


posted originally by
Android Central




Sponsored by
Android Cases and Accessories































More...