It didn’t take long: a wave of attacks exploiting the Master Key vulnerability in Google’s Android OS is now out in the wild.
Symantec researchers detected two cases in which legitimate applications were turned into malware-spreading tools using the Master Key vulnerability.
“Norton Mobile Insight – our system for harvesting and automatically analyzing Android applications from hundreds of marketplaces – has discovered the first examples of the exploit being used in the wild. Symantec detects these applications as Android.Skullkey. We found two applications infected by a malicious actor. They are legitimate applications distributed on Android marketplaces in China to help find and make doctor appointments,” Symantec said.
“Using the vulnerability, the attacker has modified the original Android application by adding an additional classes.dex file (the file which contains the Android application code) and also adding an additional Android manifest file (the file which specifies permissions).”
Symantec warned that the modified apps serve a variety of malicious purposes and said it expects to see further attacks leveraging the vulnerability.
“An attacker has taken both of these applications and added code to allow them to remotely control devices, steal sensitive data such as IMEI [International Mobile Equipment Identity] and phone numbers, send premium SMS messages, and disable a few Chinese mobile security software applications by using root commands, if available,” read the report.
“We expect attackers to continue to leverage this vulnerability to infect unsuspecting user devices. Symantec recommends users only download applications from reputable Android application marketplaces.”
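The modification Symantec describes, a second classes.dex and a second Android manifest inside one package, can be checked for by listing an APK's ZIP entries and flagging repeated names. The following Python sketch is an added example, not Symantec's detection logic; it assumes the added files show up as repeated entry names in the archive's central directory, and the sample archives are constructed in memory with placeholder contents.

```python
import io
import warnings
import zipfile
from collections import Counter

# Entries the Symantec report says were added a second time.
SENSITIVE = ("classes.dex", "AndroidManifest.xml")


def duplicate_entries(apk):
    """Return {entry name: count} for names that occur more than once.

    `apk` is a path or a file-like object. infolist() keeps every
    central-directory record, so repeated names are visible here even
    though ZipFile.read(name) would only ever return one of them.
    """
    with zipfile.ZipFile(apk) as zf:
        counts = Counter(info.filename for info in zf.infolist())
    return {name: n for name, n in counts.items() if n > 1}


def is_suspicious(apk):
    """True when the code or manifest entry is present more than once."""
    dups = duplicate_entries(apk)
    return any(name in dups for name in SENSITIVE)


def build_sample(duplicated):
    """Build a constructed APK-like archive in memory (placeholder bytes)."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", UserWarning)  # zipfile warns on repeats
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("AndroidManifest.xml", b"original manifest")
            zf.writestr("classes.dex", b"original code")
            zf.writestr("res/layout/main.xml", b"<layout/>")
            if duplicated:
                zf.writestr("AndroidManifest.xml", b"second manifest")
                zf.writestr("classes.dex", b"second code")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for label, dup in (("clean", False), ("tampered", True)):
        print(label, duplicate_entries(build_sample(dup)),
              is_suspicious(build_sample(dup)))
```

A well-formed APK has no reason to carry two entries with the same name, so any hit on these two files is worth quarantining the package for manual review.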
The Master Key vulnerability was first brought to light by Bluebox Security. Google released a patch for the vulnerability to carriers and hardware partners. It is currently up to the partners to distribute the fix, a cycle that can take several months.
The news comes during a wider boom in the number of cyber attacks targeting Android. Most recently, security firm BitDefender reported detecting a spike in the number of finance industry-focused attacks and in ransomware levels targeting the system.