Every now and then, a new bug in Android gets discovered. That’s a good thing, because how else would the Google developers learn of the less evident flaws in their popular operating system? The security firm FireEye has raised the alarm over a newly discovered security flaw in Android, which allows attackers to ‘hijack’ an app icon to send users to malicious sites.
Luckily, Google has reacted fast, and a patch for this critical issue has been sent to its partners. What is still not known is the number of affected apps currently on the Play Store, and the time it will take the OEMs to send the fixes to their devices.
FireEye reported that the apps in question could not be detected by the Play Store’s security filters, which makes everyone with access to Google’s app repository vulnerable. Once an infected app is installed, it takes control of the launcher entry of another app, such as a mobile banking application, and sends the user to a malicious site that asks for private user information, such as sensitive details related to the bank account. The apps involved require no extraordinary permissions, and for the purpose of demonstration, a demo phishing app has been tested successfully on various devices, including the KitKat-running HTC One and Nexus 7.
This will potentially raise awareness among people who carelessly download apps from unverified publishers. And to you, dear reader, we urge you to double-check whatever you are trying to download on your Android device, as it may be a scam that can steal your valuable info. Keep your eyes open!