Hackers are taking legitimate Android apps and turning them into trojans.

Researchers have uncovered and released the details of an exploit code that lets hackers convert legitimate Android apps into malicious trojans. The exploit centers around the way legitimate Android apps are cryptographically signed to ensure they are unaltered. Senior mobile security engineer at viaForensics, Pau Oliva Fora, released a 32-line proof-of-concept code which opens up existing Android apps to being manipulated by anyone with a moderate level of skill while still maintaining the cryptographic signature.

Luckily, the Google Play marketplace is constantly scanning available apps for signs that they might have been compromised. A number of apps can also be downloaded to scan the apps already on the phone for signs of this exploit. Oliva Fora warns Android users to always be wary of downloading apps from a third-party marketplace.

Original article by Dan Goodin.
Read the full story here.

The Magnificent Seven 2023

Seven Trends . . . …that small bank Information Security Officers face in 2023 Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Welcom...

The Blue Team Exercise

Enhancing Incident Response... ... Through real-world Technical Attack Simulations ...

CISO Liability

Who is at risk? Are you covered? Another one of those Dan's New Leaf Posts, meant to inspire thought about IT Governa...

Meet The Blue Team

The Unsung Heroes of Infosec An Article Review While ...

Working Exploit Discovered for Android Apps

Hackers are taking legitimate Android apps and turning them into trojans.

Related Posts

The Magnificent Seven 2023

The Blue Team Exercise

CISO Liability

Meet The Blue Team

infotex

MANAGING TECHNOLOGY RISK

SERVICES

EDUCATION

COMPANY

CONTACT

SIGN UP FOR OUR BLOG

As part of infotex‘s service to our clients, find “non-mainstream” articles about relevant security issues.