London: Search engine giant Google’s Android operating system which was found to have security flaw making around 900 million devices vulnerable to hacking has reportedly infected two apps in China.
According to the BBC, security firm Symantec has said that it identified the first known malicious use of Android''s ‘master key’ vulnerability which allows attackers to install code on phones running Google''s mobile operating system and then take control of them.
Security firm BlueBox had found a way to make changes to an app''s code without affecting the encrypted signature that Android uses to check the program is legitimate and has not been tampered with following which Google issued a patch to manufacturers to tackle the problem.
However, Symantec said that hackers have now exploited the flaw to install malware called Android. Skullkey, which steals data from compromised phones, monitors texts received and written on the handset, and also sends its own SMS messages to premium numbers.
The firm said that Trojan had been added to two legitimate apps used in China to find and make appointments with a doctor and more attacks are expected to leverage the vulnerability to infect unsuspecting user devices.
Symantec said that users should only download applications from reputable Android application marketplaces and affected users could manually remove the software by going into their settings menu, the report added.
According to the BBC, security firm Symantec has said that it identified the first known malicious use of Android''s ‘master key’ vulnerability which allows attackers to install code on phones running Google''s mobile operating system and then take control of them.
Security firm BlueBox had found a way to make changes to an app''s code without affecting the encrypted signature that Android uses to check the program is legitimate and has not been tampered with following which Google issued a patch to manufacturers to tackle the problem.
However, Symantec said that hackers have now exploited the flaw to install malware called Android. Skullkey, which steals data from compromised phones, monitors texts received and written on the handset, and also sends its own SMS messages to premium numbers.
The firm said that Trojan had been added to two legitimate apps used in China to find and make appointments with a doctor and more attacks are expected to leverage the vulnerability to infect unsuspecting user devices.
Symantec said that users should only download applications from reputable Android application marketplaces and affected users could manually remove the software by going into their settings menu, the report added.
No comments:
Post a Comment