Millions of Android smartphones are at serious jeopardy of "screen hijack" vulnerability that allows hackers to bag your passwords, banking concern details, too every bit helps ransomware apps extort coin from victims.
The worse affair is that Google says it won't endure patched until the liberate of 'Android O' version, which is scheduled for liberate inwards the third quarter this year.
And the worse, worse, worse affair is that millions of users are even then waiting for Android northward update from their device manufacturers (OEMs), which evidently way that bulk of smartphone users volition popular off on to endure victimized yesteryear ransomware, adware as well as banking Trojans for at to the lowest degree adjacent i year.
According to CheckPoint safety researchers, who discovered this critical flaw, the employment originates due to a novel permission called "SYSTEM_ALERT_WINDOW," which allows apps to overlap on a device's covert as well as elevation of other apps.
This is the same characteristic that lets Facebook Messenger floats on your covert as well as pops upward when individual wants to chat.
Starting alongside Android Marshmallow (version 6), launched inwards Oct 2015, Google updated its policy that yesteryear default grants this extremely sensitive permission to all applications guide installed from the official Google Play Store.
This characteristic that lets malicious apps hijack a device's covert is i of the almost widely exploited methods used yesteryear cyber criminals as well as hackers to describe a fast i on unwitting Android users into falling victims for malware as well as phishing scams.
Unfortunately, it’s a known fact that Google Bouncer is non plenty to hold all malware out of the marketplace seat as well as our readers who are next regular safety updates improve aware of frequent headlines like, "discovered this critical flaw, the employment originates due to a novel permission called "ransomware apps constitute on play store," "hundreds of apps infected alongside discovered this critical flaw, the employment originates due to a novel permission called "adware targeting play shop users."
Recently, researchers uncovered several Android apps available on Play Store carrying the 'discovered this critical flaw, the employment originates due to a novel permission called "BankBot banking trojan,' which abused the SYSTEM_ALERT_WINDOW permission to display overlays identical to each targeted banking concern app's login pages as well as bag victims' banking passwords.
This way that still, an unknown set out of malicious apps are out at that topographic point on Google Play Store equipped alongside this unsafe permission, which could threaten the safety of millions of Android users.
Moreover, gain to stick to the trusted brands entirely as well as e'er await at the comments left yesteryear other users.
Always verify app permissions earlier installing apps as well as grant entirely those permissions which bring relevant context for the app's purpose if you lot desire to endure safe.
The worse affair is that Google says it won't endure patched until the liberate of 'Android O' version, which is scheduled for liberate inwards the third quarter this year.
And the worse, worse, worse affair is that millions of users are even then waiting for Android northward update from their device manufacturers (OEMs), which evidently way that bulk of smartphone users volition popular off on to endure victimized yesteryear ransomware, adware as well as banking Trojans for at to the lowest degree adjacent i year.
According to CheckPoint safety researchers, who discovered this critical flaw, the employment originates due to a novel permission called "SYSTEM_ALERT_WINDOW," which allows apps to overlap on a device's covert as well as elevation of other apps.
This is the same characteristic that lets Facebook Messenger floats on your covert as well as pops upward when individual wants to chat.
Starting alongside Android Marshmallow (version 6), launched inwards Oct 2015, Google updated its policy that yesteryear default grants this extremely sensitive permission to all applications guide installed from the official Google Play Store.
This characteristic that lets malicious apps hijack a device's covert is i of the almost widely exploited methods used yesteryear cyber criminals as well as hackers to describe a fast i on unwitting Android users into falling victims for malware as well as phishing scams.
"According to our findings, 74 per centum of ransomware, 57 per centum of adware, as well as xiv per centum of banker malware abuse this permission every bit utilisation of their operation. This is clearly non a tyke threat, only an actual tactic used inwards the wild," CheckPoint researchers notes.Google has been using an automated malware scanner called Bouncer to honor malicious apps as well as preclude them from entering the Google Play Store.
Unfortunately, it’s a known fact that Google Bouncer is non plenty to hold all malware out of the marketplace seat as well as our readers who are next regular safety updates improve aware of frequent headlines like, "discovered this critical flaw, the employment originates due to a novel permission called "ransomware apps constitute on play store," "hundreds of apps infected alongside discovered this critical flaw, the employment originates due to a novel permission called "adware targeting play shop users."
Recently, researchers uncovered several Android apps available on Play Store carrying the 'discovered this critical flaw, the employment originates due to a novel permission called "BankBot banking trojan,' which abused the SYSTEM_ALERT_WINDOW permission to display overlays identical to each targeted banking concern app's login pages as well as bag victims' banking passwords.
This way that still, an unknown set out of malicious apps are out at that topographic point on Google Play Store equipped alongside this unsafe permission, which could threaten the safety of millions of Android users.
“After Check Point reported this flaw, Google responded it has already laid plans to protect users against this threat inwards the upcoming version “Android O.”
“This volition endure done yesteryear creating a novel restrictive permission called TYPE_APPLICATION_OVERLAY, which blocks windows from beingness positioned inwards a higher house whatever critical organisation windows, allowing users to access settings as well as block an app from displaying warning windows.”Meanwhile, users are recommended to beware of fishy apps, fifty-fifty when downloading from Google Play Store.
Moreover, gain to stick to the trusted brands entirely as well as e'er await at the comments left yesteryear other users.
Always verify app permissions earlier installing apps as well as grant entirely those permissions which bring relevant context for the app's purpose if you lot desire to endure safe.
Share This :
comment 0 Comments
more_vert