Network technologies and trends

Apr 12 2015   5:01AM GMT

Android Installer Hijacking Vulnerability is capable of exposing Android users to malware’s.

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

Tags:
Amazon
Android
Google
Mobile
Palo Alto Networks
Password
samsung

It’s been estimated that almost half of Android devices are prone to newly discovered vulnerability “Android installer hijacking”. This vulnerability is capable of allowing third parties to access an Android device and empowers them to install their own surveillance malware; even they can steal the personnel data from an Android device.

Screen Shot 2015-04-12 at 7.51.31 AM

Picture Courtesy: Palo Alto Networks

The Palo Alto Networks researchers discovered this vulnerability and according them, this vulnerability triggers only when an Android app is either downloaded from any third party app store or when users clicks on the advertisements displayed by the app.

The summary published by Palo Alto is as follows

  • Android Installer Hijacking allows an attacker to modify or replace a seemingly benign Android app with malware, without user knowledge. This only affects applications downloaded from third-party app stores.
  • The malicious application can gain full access to a compromised device, including usernames, passwords, and sensitive data.
  • Palo Alto Networks worked with Google and major manufacturers such as Samsung and Amazon to inform them of the vulnerability and issue patches for their devices.

The suggestion from Palo Alto Networks is to install a vulnerability scanner, which Palo Alto Networks developed especially for this vulnerability.Pick up the free installer from the Google Play Store. The only way to avoid being affected by these kinds of vulnerabilities is to download the apps, which are available in Google Play Store.

The complete report can be read at this link.

1  Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • WilliamXu
    Hi, Yasir, this is William from 360 Security Group. We developed an free app called “Installer Hijacking Defender” to perfectly protect android devices against the vulneralbility  Android Installer Hijacking. The app has attracted over 30,000 downloads in a short time and is highly rated in Google Play.

    We hope more android users could know this app and protect their devices. It’ll be great if you could introduce our app to your audience.

    More information about “Installer Hijacking Defender” please check the links below.

    Any question please feel free let me know. william.xu@360safe.com

    Thanks!

    Google Play Link: https://goo.gl/eMKuvb

    Official Blog 1:
    World’s first Android app for Installer Hijacking Vulnerability Installer Hijacking Defender launched
    http://goo.gl/vFfBse

    Official Blog 2:
    How can we detect Installer Hijacking Vulnerability and protect the compromised devices automatically?
    http://goo.gl/3JnCsx

    William
    10 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: