Sluggish Android updates put users at risk. Could rising public awareness of the flaw lead carriers and device makers to patch more quickly?
Security researchers have spotted a legitimate banking app for Android smartphones and tablets that has been "trojanized" using the so-called master key vulnerability. That flaw, which affects all versions of Android prior to version 4.2.2, can be used by attackers to inject malicious code into a digitally signed, legitimate Android app.
In this case, attackers have been offering a trojanized update for a legitimate online banking app distributed by South Korea's NH Nonghyup Bank. The Android app is used by up to 10 million people.
Running the malicious app triggers a screen asking users to enter their account details. "Should the user comply, their information would be sent to a remote malicious server controlled by the cybercriminal," said Peter Yan, a Trend Micro mobile security engineer, in a blog post. In other words, people who fall for the attack would be likely targets for cybercriminals trying to drain their bank accounts
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024