Final update: Brian from Lookout popped in to say this:
I’d like to thank everyone for this thread and keeping vigilant about our product. Unfortunately, we make mistakes sometimes but we work hard and fast to correct them. Fail fast goes the motto, as is embodied in this thread and, I’d like to believe, our response time.
We have just issued a new set of malware signatures which corrects for the false positive we previously reported. It will take a few hours for this new update to hit all phones but the propagation should be complete in less than 24 hours.
Sorry, again, for this mixup and we’re currently working on ways to ensure this doesn’t happen again.
And with that, that’s all folks; all-clear.
Update: See comments below for two reports of Lookout (the antivirus people) saying this was a false positive; no trojan, just an antivirus app jumping at shadows. Quote:
Our latest set of malware detection signatures went out to our users last night (August 8, 2012). Unfortunately it misidentifies the app “Google Enhanced Search” as the trojan ‘GGSearch’. If you’ve received this warning please ignore it – we will be shipping a new set of detection signatures in the next 24 hours, at the latest.
So I was at the university, and my phone said — well, read — that I have a trojan: a Trojan.Android.FakeGGSearch.a, calling itself “Google Search (Enhanced)”, with a long and scary list of permissions. Lookout (my virus scanner thingy) gave a description: a scary one, with the sending of costly text messages, uninstalling virus scanners, sending my personal details to China (but I have Chinese friends!), etc., etc.
That workday was over right then.
Went home, and used laptop to change my Google password and my Twitter client’s access, and checked the bank account linked to the Google account (for Android Market) for sudden disappearances of money. (There were none; phew.) Tried to uninstall the bugger a few times; it would not be uninstalled.
Hit the phone in airplane mode in the meanwhile. A mere music player doesn’t send no details anywhere. (Sony Ericsson Xperia X10 Mini Pro, by the way.)
Then went to visit my phone operator’s midtown office. They said, politely, “Fuck off, we don’t help you with what paranoid third party apps say is or isn’t malware. Neither will the phone manufacturer if you send it to them. Now bugger off.”
I buggered off, took the SIM card and the memory card out, and googled, seeing a rash of cases similar to mine popping out in Germany, in Netherlands, all over the place, all as clueless as me. Someone more bold suggested this was Lookout mis-reacting.
Watching, giving my phone baleful glares, and looking how things will develop. (It’s about two hours since I noticed this; all but one of the discussions below have come into being since; all tell Lookout detected this, at about the same time apparently.) Will add links.
android.stackexchange : False positive? Apparently at least one other virus scanner doesn’t replicate.
android-hilfe.de : Good discussion in German; raises the point that someone has had this app installed since April, and Lookout’s only now reacting to it (also, to old backups of it); false positive or better detection? They’re tending towards “false positive”, I think, and wondering if all affected devices have Android 2.1.
androidforums.com : Scared and clueless — and with a SE Xperia Mini, a phone that’s almost identical to mine. I wish the others affected would tell theirs; is this an accident, or something important? They say, “I just installed Avast, and scans from it find no problem. either it’s a false positive from Lookout, or really effective malware.”
kassa.vara.nl : Wondering, suggesting Lookout’s forums (Where there seems to be no hits); suggesting trying a different antivirus, and reporting difficulties installing one, which is bad.
One person there has sent a question to Lookout; hope they answer quickly.
Then there’s blog.webroot.com, whose February 29 post An Evolution of Android Malware “When stealing data isn’t enough meet…GoManag …“ (Part 2) seems to describe a bit of malware identifying as “Google Search (Enhanced)” like this problem; so a bit of malware with that identification exists; now if I only knew if this rash of reports is that or a Lookout goof.
I’m waiting and seeing how the web-opinion develops before hitting the big reset button. Am “encouraged” to read all the alerts have come from Lookout; though this doesn’t need to mean this is a glitch; it could be an update that went out and found something nasty in a number of places.
Will update whenever I notice something new.
Update (7 hours into the thing): nothing much to report. There’s a Japanese report of the same problem over on Yahoo.co.jp; like many other reports, it has Android 2.1 and Lookout, and suspects this is a problem with Lookout. (8 hours) Given how the reports are below and on the androidforums.com thread, I’m calling this a false positive that an update of Lookout will fix; further updates will go into the comments.