
This is one of the “two most commonly abused mechanisms in Android,” Hazum tells me, “mostly used for spying.” It can also be used to automatically push new infections, making it very dangerous to those who have been infected and their contacts, Hazum points out, explaining that the same vulnerability was used by the infamous Joker malware, “to grab the content of the verification SMS received by the Premium Service” which infected users had been subscribed to without their knowledge. It will almost certainly now be used again and again, and you need to take steps to keep yourself protected. It is suddenly very real, with two exploitations already this year. The attack vector is now very much public domain. This “new and innovative malicious threat,” Check Point says, was stopped quickly after just a few hundred installs, but it should never have been enabled in the first place. The difference here is that a malicious app was installed from the Play Store itself, rather than a third-party store, and that’s very bad news indeed. We saw the same vulnerability in January and there’s even a prescient warning from as far back as 2016.

“It’s very rare to find a good use for this permission,” Check Point’s Aviran Hazum tells me, “for the most part, this is not a requested permission by legitimate apps.”

The serious vulnerability is Android’s “Notification Listening Service,” which can be enabled by a permission a newly installed app tricks users into granting, and which will allow the app to intercept and manipulate incoming messages.

[Image: FlixOnline malware on Google Play Store. Credit: Check Point Research]
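
One way to audit which apps hold this notification access on a device, as an added example that is not from the original article: it parses the value of Android's `enabled_notification_listeners` secure setting (readable with `adb shell settings get secure enabled_notification_listeners`) and lists the packages that are not on an allowlist. The sample value, package names and allowlist below are constructed.

```shell
#!/bin/sh
# Added example: flag apps that hold notification-listener access.
# The secure setting is a colon-separated list of components in the
# form package/ServiceClass. On a connected device, read it with:
#   adb shell settings get secure enabled_notification_listeners

# Constructed sample value (not taken from a real device).
SAMPLE='com.example.wearcompanion/.NotifBridge:com.example.streamingapp/com.example.streamingapp.Listener'

# Hypothetical allowlist: packages you expect to read notifications.
ALLOWLIST='com.example.wearcompanion com.example.launcher'

# unexpected_listeners VALUE ALLOWLIST
# Prints, one per line, each package with listener access that is
# not on the space-separated allowlist.
unexpected_listeners() {
    # adb output may carry carriage returns; strip them first.
    value=$(printf '%s' "$1" | tr -d '\r')
    case $value in
        ''|null) return 0 ;;   # "null" means no listener is enabled
    esac
    printf '%s\n' "$value" | tr ':' '\n' | while IFS= read -r comp; do
        pkg=${comp%%/*}        # keep the package part before the slash
        [ -n "$pkg" ] || continue
        case " $2 " in
            *" $pkg "*) ;;     # expected holder, skip
            *) printf '%s\n' "$pkg" ;;
        esac
    done | sort -u
}

unexpected_listeners "$SAMPLE" "$ALLOWLIST"
```

Any package this prints can be reviewed and have its access switched off in the device's notification access settings.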
