A potentially damaging virus, which steals SMSes and personal details of an
Android-enabled gadget-user, has been detected in Indian cyberspace and internet
security sleuths have asked mobile phone and tablet users to exercise caution
while operating. The malware is affecting all the versions of Android prior to
version 4.2.2 (Jelly Bean).
"It has been observed that a critical vulnerability exists in Android which
could allow attackers to inject malicious code into legitimate applications
which makes it possible to change an application's code without affecting the
cryptographic signature of the application, essentially allowing a malicious
author to trick the Android device into believing that the crafted application
is unchanged," the Computer Emergency Response Team-India (CeRT-In) said in its
latest advisory to Android users in the country.
The malicious programme, the advisory said, is so damaging that it could be
used for stealing personal information like email addresses, IMEI numbers, SMSes
and installed applications. "It could also send SMS or make calls from infected
devices without user consent," the sleuths of the national cyber security centre
said.
"An attacker could exploit this vulnerability by placing other files with
same name into an application package along with the legitimate files. The
Android package verification occurs against the first file during installation.
Thus, the crafted .APK passes the verification process and installs the second
file. However, at runtime, other malicious file gets executed," the advisory
said.
The cyber police have also suggested some countermeasures. "Check for the
permissions required by an application before installing, exercise caution while
visiting untrusted sites for clicking links, run a full system scan through a device with a mobile
security solution or mobile anti-virus solution, do not download and install
applications from untrusted sources and download applications only from trusted
sources, reputed application markets and Google play store," the security agency
said.
Source:DNAindia
Do you like this post? Please link back to this article by copying one of the codes below.
URL: HTML link code: BB (forum) link code:
No comments:
Post a Comment