In this ongoing series we discuss notable mobile malware news from the past week.
- This week, Bluebox Security announced their discovery of a vulnerability that affects all Android devices since the release of the 1.6 (Donut) OS. The vulnerability allows malicious updates to an app’s code, while leaving the cryptographic signature unchanged. Because Android analyzes the cryptographic signature to determine if an app is malicious, this vulnerability results in a significant security breach. Here’s the good news. Google has already updated their Play Store to ensure this malware is blocked. The bad news? You’re still at risk if you’re downloading from 3rd party app stores.
- While not necessarily malware, alarm bells rang last week upon the release of the Jay Z Magna Carta app. Sharp-eyed fans, excited by the promise of being able to listen to the new album, Magna Carta Holy Grail, a full three days prior to its release, were stunned when the music app presented them with a long list of requested permissions. For example, the app requested the ability to prevent the phone from sleeping and to see who you’re talking to on the phone. Even worse, pirated versions of the app with embedded malware were circulating. While more of a nuisance than a threat (the pirated app delivered a political message—not a malicious payload), concerns were raised when it was discovered that the app had the ability to send information about the infected device to an external server.
Concerned about malware on your Android device? Make sure you’ve got a solid defense with a product like NQ Mobile Security.