First Malicious Use of 'Master Key' Android Vulnerability Discovered
Posted by: Timothy Tibbetts on 07/24/2013 03:05 PM
Earlier this month, Symantec discussed the discovery of the Master Key vulnerability that allows attackers to inject malicious code into legitimate Android applications without invalidating the digital signature. We expected the vulnerability to be leveraged quickly due to ease of exploitation, and it has.
Norton Mobile Insight—our system for harvesting and automatically analyzing Android applications from hundreds of marketplaces—has discovered the first examples of the exploit being used in the wild. Symantec detects these applications as Android.Skullkey.
Symantec found two applications infected by a malicious actor. Both are legitimate applications distributed on Android marketplaces in China that help users find and make doctor appointments.

Symantec expects attackers to continue to leverage this vulnerability to infect unsuspecting users' devices. Just days later, it discovered four additional Android applications infected by the same attacker and being distributed on third-party app sites. The apps are a popular news app, an arcade game, a card game, and a betting and lottery app. All of these apps are designed for Chinese-language users.
Obviously, they suggest downloading from official sites such as Google Play, with the exception of Majorgeeks, of course.