The applications have been found on Chinese marketplaces

Jul 24, 2013 08:43 GMT  ·  By
Legitimate Chinese apps have been trojanized by exploiting "master key" vulnerability

Security researchers from Symantec have spotted a couple of malicious Android apps that leverage the recently discovered “master key” vulnerability, the issue that allows cybercriminals to trojanize legitimate apps without breaking their cryptographic signature.

Last week, Bitdefender experts identified two Android applications that exploited the vulnerability on Google Play. However, in that case, the apps were not malicious.

Bitdefender noted that it was most likely a mistake made by the developer.

On the other hand, the apps identified now by Symantec with the aid of its Norton Mobile Insight technology on Chinese marketplaces are clearly malicious.

The legitimate applications are designed to help Chinese Android users find doctors and make appointments. However, the infected apps – detected as Android.Skullkey – are designed to allow cybercriminals to take complete control of a device.

“An attacker has taken both of these applications and added code to allow them to remotely control devices, steal sensitive data such as IMEI and phone numbers, send premium SMS messages, and disable a few Chinese mobile security software applications by using root commands, if available,” Symantec experts noted.

In this case, the attackers have modified the legitimate applications by adding an extra classes.dex file and an Android manifest file.

The first file contains the application code, while the second one stores the specifications for the required permissions.

It’s worth noting that another variant of the vulnerability was discovered by Chinese researchers shortly after Bluebox Security broke the news. It’s uncertain which exploit is used for the malicious Chinese apps.

If you want to know if your device is susceptible to such attacks, or if you want to identify apps that leverage the vulnerability, you can try Bluebox Security’s free security scanner app.

In addition, you might also be interested in Duo Security’s ReKey app, which patches the vulnerability on rooted devices.