Malicious Android App Potentially Infects 1 Million Devices

By ISBuzz Team
Writer, Information Security Buzz | Oct 04, 2015 06:00 pm PST

Craig Young, security researcher at Tripwire, has the following comments in response to the news that a new malicious Android application has been discovered in Google Play and could potentially have been installed on up to one million devices.

Craig Young, Security Researcher at Tripwire:

“This application is a prime example of how Android’s fragmented update distribution model has created huge opportunities for criminals. The fact is that Android as an open platform means that there is not one single authority maintaining and securing Android handsets but rather a collection of perhaps dozens of manufacturers and telecom carriers. While Google and a limited set of handset manufacturers have now pledged to produce monthly updates, the vast majority of devices seem to be forgotten or neglected by vendors. Part of the problem is that device creators focus on revenue-creating activities like designing new hardware and implementing unique features rather than maintaining safe software for previously sold devices. Sometimes the enhancements made by vendors also have the impact of making it much harder to integrate the latest security updates from the Android Open Source Project (AOSP). Another big problem is that Android updates typically must be authorized and deployed by phone service providers, a process that is generally slow and incurs expenses for the carrier as well as the phone maker.

The rogue application identified by Check Point would have considerably reduced functionality on an up-to-date Nexus 4 or later phone, but all bets are off for other devices, many of which have functioning kernel exploits made available by the jailbreak community. While no system is going to be perfect, the use of reputable anti-virus applications on Android is advisable, especially for less technical users and owners of non-Nexus devices.”

About Tripwire

Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence.