The exploit interrupts the flow of an app from launch to welcome screen and forces a user to give a piece of malware powerful permissions before letting the legitimate app run.
"Our researchers focused on describing the vulnerability, as such, but we also collaborated with Lookout Security who contributed some parts by scanning their datasets of malware. They found 36 malicious apps that exploit the flaw," said Lars Lunde Birkeland, Promon's Marketing & Communication Director.
The exploit works by hijacking a legitimate app as it's launched on almost any Android phone.
Instead of going to the welcome screen or login page, the exploit allows a piece of malware to display so-called permissions pop-ups, the kind that ask if the app can access your contacts, location, and stored data.
"The victim clicks on the legit app but instead of being directed to the legit app the malware tricks the device to show a permission pop-up. The victim gives the malware and the attacker the permissions and then you're redirected to the legit app," said Birkeland.
The researchers found that a Trojan program called BankBot used the exploit to give itself powerful permissions that could intercept SMS messages, log keypresses, forward calls, and even lock a phone until you pay a ransom, a concern for anyone running banking, financial, or wallet apps on their phone.
The exploit can also show a fake login page for some apps on some Android phones, but the permissions exploit is far more common.
"From here, through its research, Promon was able to identify the malware was being used to exploit a dangerous Android vulnerability. Lookout, a partner of Promon, also confirmed that they have identified 36 malicious apps exploiting the vulnerability. Among them were variants of the BankBot banking trojan observed as early as 2017," they wrote.
"While Google has removed the affected apps, to the best of our knowledge, the vulnerability has not yet been fixed for any version of Android," wrote the researchers.
"We appreciate the researchers' work, and have suspended the potentially harmful apps they identified. Google Play Protect detects and blocks malicious apps, including ones using this technique. Additionally, we're continuing to investigate in order to improve Google Play Protect's ability to protect users against similar issues," said a Google spokesperson regarding the exploit.
Global Android Vulnerability Could Grab Wallet and Banking Data
published on Dec 3, 2019
by Coindesk | published on Coinage