The latest Android vulnerabilities threatening enterprises

A pair of major vulnerabilities have emerged in Android apps in recent months, according to mobile app risk management vendor Appthority.

The company’s quarterly enterprise mobile threat update flags the emergence of rooting and overlay malware in Android apps. Three specific examples of such malware were detected in the third quarter inside apps on the Google Play store: Godless, LevelDropper and Overlay.

The Godless rooting malware can target virtually any Android device running on Android 5.1 (Lollipop) or earlier versions of the Google mobile OS, which includes nearly 90% of Android devices, Appthority said. The report adds that “malicious apps related to this threat can be found in prominent app stores, including Google Play, and has affected over 850,000 devices worldwide.”

LevelDropper is an app with “autorooting” malware, a type of mobile malware that roots a device without the owner’s knowledge. The malware is designed to allow hackers to perform actions that normally require additional privileges. Similar to the Godless malware, LevelDropper roots Android devices and “enables remote installation of applications without the user’s knowledge or approval,” according to Appthority.

Creators of LevelDropper were able to disguise the rooting actions to prevent Google’s Bouncer security system from detecting them. Fortunately, this app has been removed from Google Play.

Overlay, not surprisingly, is the overlay malware flagged by Appthority. Overlay malware can be used to steal credentials for mobile banking and messaging apps, and is built to look and feel just like a target app. Hackers send SMS messages with notification of a failed shipment and a shortened URL. This can trick a recipient into clicking and inadvertently installing the malware.

“The overlay technique is becoming increasingly popular among attackers because it is effective,” Appthority writes. “It is difficult for users to distinguish the overlay screen from the real app which allows the bad actors to harvest a large number of credentials quickly.”

Enterprise security pros frequently advise users to avoid third-party app sites in favor of Google Play and Apple’s App Store, which screen apps for malware. But the screening process used by these stores isn’t foolproof.

For this reason, Appthority concludes, “enterprises still need to comprehensively monitor and prevent threats using solutions that detect not only known malware, but also precursors that indicate malicious potential behavior.”

Good advice.


Comments

  1. Rooting is a technique which is most commonly used by Android users. I have seen many people root their phone and install a duplicate OS of Apple, which is not good, so it is a vulnerable thing.


  2. It's definitely not a good practice to download third-party apps. These apps may contain malware which can threaten the system. A must-read article for all mobile app developers. Thanks for sharing this info. One must download apps from the App Store or Google Play for authentication.

