New research from Lookout Mobile Security suggests the DroidDream malware is designed to extend the botnet threat to mobile devices -- Android, in this case.Lookout first contacted me about this malware last week, and since then security news headlines have been ablaze with details about a tainted Android app market. Sign up today.Get your morning news fix with the daily Salted Hash e-newsletter! Here's the latest raw research from Lookout, sent to me by company spokesperson Cerena Hsieh:Lookout has taken a closer look at DroidDream to further understand the malware\u2019s intent. We found that DroidDream could be considered a powerful zombie agent that can install any applications silently and execute code with root privileges at will; it is the first piece of Android malware we\u2019ve seen that uses an exploit to gain root permissions, thereby giving it a substantial amount of control over an infected device. Additionally, the malware is very aptly named \u2013 it was configured to only run in the evening (from 11 p.m. to 8 a.m.) -- a time when the owner of an infected device would most likely be sleeping and not notice any strange behaviors on the phone. After analyzing the second phase of DroidDream, we\u2019ve concluded that its purpose is to download additional applications and install them silently as system applications on the device. The first phase of the malware served to gain root access on the device while the second phase predominantly serves to maintain a connection to the server to download and install other files. Other findings:-The second stage of the malware sends additional personal information to its command and control server:-ProductID \u2013 Specific to the DroidDream variant-Partner \u2013 Specific to the DroidDream variant-IMSI-IMEI-Model & SDK value-Language-Country-UserID (Though this does not appear to be fully implemented)-Applications supplied by DroidDream\u2019s command and control center can be silently downloaded to the infected device. In the malware, there also appears to be a command dealing with ratings, comments, assetIDs and install states, all of which relate to the Android Market. Though these appear incomplete, it\u2019s possible the author(s) intended to listen to Android Market downloads and possibly to trigger downloads and comments on downloaded applications.