A proof-of-concept exploit for the “master key” vulnerability in Android has already been made public, so it could be only a matter of time until we see some Trojanized apps that leverage the flaw.
In the meantime, Bitdefender experts have spotted a couple of fairly popular applications on Google Play that exploit the vulnerability. The apps in question are Rose Wedding Cake Game and Pirates Island Mahjong Free, both updated in mid-May.
However, in this case, the bug is not leveraged for malicious purposes.
“The applications contain two duplicate PNG files which are part of the game’s interface. This means that the applications are not running malicious code – they are merely exposing the Android bug to overwrite an image file in the package, most likely by mistake,” Bitdefender’s Bogdan Botezatu explained.
“In contrast, malicious exploitation of this flaw focuses on replacing application code,” he noted.
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Celebrating Data Privacy Day – 28th January 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Most Active Commenters
Meta’s fine over data privacy breaches underscores the critical challenges…
Hi, Thanks, that is really useful information. I do have…
“This is a very worrying attack that hit T-Mobile and…
“This latest cyberattack against T-Mobile may be smaller than previous…
“Genesis Market is a complex global criminal access marketplace. Buyers…