Malware is never an easy subject for Android device owners. Savvy users usually say the matter is overblown and that they know how to protect themselves against such threats, though that’s not always the case. Google acknowledges the matter but usually minimizes it, though it’s also constantly coming up with better means for protecting the safety of users. Meanwhile millions of Android devices fall prey to malware, and most of the time users don’t even know what’s going on.
New research from Palo Alto Networks has brought to light a terrifying vulnerability in Android that could be used for secretly installing malware apps on a device on almost 50% of existing devices, Business Insider reports.
That percentage was even higher in January when the Android Installer Hijacking was initially discovered, when it could affect as many as 89.4% of Android devices that were active at the time. However, as of March 2015, it now looks like the exploit would affect 49.5% of current active Android phones.
What basically happens is that an attacker can fool the system into installing malware apps in the future, with the risk being higher for users who get most of their apps from third-party stores.
By offering a legitimate app that can monitor subsequent app installs, a hacker can instruct a phone to download and install malware apps instead of the apps the users think they’re getting. All this happens without the users realizing what’s happening, as download and install instructions can be activated as users check out the permissions screen for the apps they think they’re about to install. Once malicious software is installed on the Android device, it can be used for a variety of purposes, including stealing sensitive personal data belonging to the users.
Palo Alto Networks worked with Google, Samsung, Amazon and others to remove these threats from existing products, but they can still affect certain users. “The Android Security Team has not detected any attempts to exploit this vulnerability on user devices,” Google said about the exploit
In order to avoid being exposed to the Android Installer Hijacking exploit, users should avoid installing software from untrusted sources and upgrade their devices to Android 4.3_r0.9, if possible. Furthermore, they shouldn’t root their devices, and shouldn’t let apps access “logcat”, the company says.
A full description of how this software exploit works is available at the source link.