Header Ads


A potentially damaging virus, which steals SMSes and personal details of an Android-enabled gadget-user, has been detected in Indian cyberspace and internet security sleuths have asked mobile phone and tablet users to exercise caution while operating. 

The malware is affecting all the versions of Android prior to version 4.2.2 (Jelly Bean). 

"It has been observed that a critical vulnerability exists in Android which could allow attackers to inject malicious code into legitimate applications which makes it possible to change an application's code with-out affecting the cryptographic signature of the application, essentially allowing a malicious author to trick the Android device into believing that the crafted application is unchanged," the Computer Emergency Response Team-India (CeRT-In) said in its latest advisory to Android users in the country. 

The malicious programme, the advisory said, is so damaging that it could be used for stealing personal information like email addresses, IMEI numbers, SMSes and installed applications. 

"It could also send SMS or make calls from infected devices without user consent,'" the sleuths of the national cybersecurity centre said. 

"An attacker could exploit this vulnerability by placing other files with same name into an application package along with the legitimate files. The Android package verification occurs against the first file during installation. Thus, the crafted . APK passes the verification process and installs the second file. However, at run time  other malicious file gets executed,'" the advisory said.

The cyber police have also suggested some countermeasures. "Check for the permissions required by an application before installing, exercise caution while visiting untrusted sites for clicking links, run a full system scan through a device with a mobile security solution or mobile anti-virus solution, do not download and install applications from untrusted sources" the security agency said.

No comments:

Powered by Blogger.