Join thousands of people who receive the latest breaking cybersecurity news every day.
Researchers at Bluebox Security have discovered a vulnerability in the Android code base that would allow a hacker to write a malicious update for an Android application and not break the app’s cryptographic signature.
The Google Play store has been an Eden for hackers wanting to get malicious code onto Android devices. A number of things made the marketplace too tempting for attackers to resist, including the open source nature of the operating system, lax vetting of developers, and the ability to modify code in runtime by pushing app updates from outside the store.
Google’s brand new application verification service for Android, released in JellyBean 4.2, fails to measure up to its commercial counterparts, according to researchers from North Carolina State University.The new service determines whether applications installed on Android devices are malicious, yet in comparisons with 10 leading antivirus engines, and even Google’s newly acquired VirusTotal scanner, the new service detects at best 20 percent of Android malware.
A phisher hoping to harvest bank login details managed to smuggle his app onto the Android app store. Malicious apps posted by Droid09 were quickly identified, prompting a warning to legitimate users and a ban for the VXer. Read the full article. [The Register]
InfoSec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.