Nearly a month ago researchers at Bluebox Security discovered a major security flaw in Android that allows hackers to modify a legitimate app by injecting it with malware and still make it look like the real app. Today, Symantec has announced that it has discovered six apps that are exploiting this flaw.
The apps are Chinese in origin and are being distributed on a Chinese marketplace. Two of the affected apps are legitimate apps used to set appointments with doctors; however, they have been injected with malware. Unsuspecting individuals who install the affected apps risk having hackers access their device. The threats include remote control of the device, theft of sensitive data, sending premium SMS messages, and disabling Chinese mobile security software applications by using root commands.
The other four apps were created by the same hacker who made the first two and are distributed on third-party sites. They include a popular news app, an arcade game, a card game, and a betting and lottery app. They seem to target Chinese-language users.
Symantec said in its report, “We expect attackers to continue to leverage this vulnerability to infect unsuspecting user devices.”
The perpetrator behind these infected apps has taken advantage of the master key flaw, which allows malware to be injected into apps without invalidating their digital signature. Earlier this month Symantec said, “Now that attackers no longer need to change these digital signature details, they can freely hijack legitimate applications, and even an astute person could not tell the application had been repackaged with malicious code.” The security company’s observations were totally correct.
If you think you are safe because only apps geared toward the Chinese audience are infected, you shouldn’t. It is possible for English apps to be targeted as well, and they may even be in the wild already without our knowledge.
One of the best ways to avoid getting malware is to make sure that your apps are downloaded from Google Play. Google regularly checks the marketplace for malicious apps and blocks those that it discovers. Getting apps from third-party sites such as the Amazon and Samsung app stores is considered risky even if they are semi-official.
You can change your device settings so that apps can only be installed from Google Play. Go to Settings > Security and make sure that there is no check mark next to installing apps from unknown sources.
It also helps secure your device to have the latest build of Android running on it, because it comes with a built-in app scanning mechanism that regularly scans apps from sources other than Google Play.
For an added layer of protection, Android device owners can also install security software on their device, such as 3CX Mobile Device Manager.