Working Exploit Discovered for Android Apps

Hackers are taking legitimate Android apps and turning them into trojans.

Researchers have uncovered and released the details of an exploit code that lets hackers convert legitimate Android apps into malicious trojans. The exploit centers around the way legitimate Android apps are cryptographically signed to ensure they are unaltered. Senior mobile security engineer at viaForensics, Pau Oliva Fora, released a 32-line proof-of-concept code which opens up existing Android apps to being manipulated by anyone with a moderate level of skill while still maintaining the cryptographic signature.

Luckily, the Google Play marketplace is constantly scanning available apps for signs that they might have been compromised. A number of apps can also be downloaded to scan the apps already on the phone for signs of this exploit. Oliva Fora warns Android users to always be wary of downloading apps from a third-party marketplace.

Original article by Dan Goodin.
Read the full story here.

Related Posts

Considerations – Why you should choose infotex, Inc. as your next MSOC!

Reasons why we should be considered! infotex provides a number of services that can be checked out if you click over to! We even made a movie with all the reasons why infotex...

The Magnificent Seven 2023

Seven Trends . . . …that small bank Information Security Officers face in 2023 Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Welcom...