The Google Play Store is under attack by a new wave of malware – malicious software – that can result in the theft of sensitive data, login data, passwords and financial details like Login banking institutions.
The alert was given by investigators from the security agency Check Point, pointing out the susceptibility of numerous applications for Android that have not yet taken precautions against a serious vulnerability, exposed since August 2020 by Oversecured.
Vulnerability puts several Android apps at risk
At stake is the vulnerability CVE-2020-8913. Your modus operandi consists of executing code that will give hackers control over all resources to which an application is entitled, based on the permissions granted to them.
Once this vulnerability has been exploited, attackers can harvest various metrics and information from the user. Among sensitive data and other sensitive information, the preferred target is login details and credentials.
According to Check Point researchers, the security breach originates from the Google Play Store Library. This is the official platform interface, the place from which developers can make new updates available for their applications, or launch new modules with additional content for apps.
This gives attackers the ability to run specific modules in any of the apps in that library. In other words, it multiplies the harmful potential of a security breach if the vulnerability is exploited.
The serious vulnerability in the Google Play Store Library
In view of the above, especially in the detailed video, it is now urgent to pressure the responsible programmers to fill the gap. Note that Google, on April 6, 2020, recognized the existence of the same and made available the patch respective.
Furthermore, the severity of the failure was rated at 8.8 out of 10, illustrating the seriousness of the case. Now it’s up to programmers to apply security fixes based on the package made available by Google.
Unfortunately, as of the writing of this article, there are still several popular apps on the Play Store susceptible to this type of threat. Check Point researchers looked at a set of popular apps last September, concluding that 13% of applications remained dangerously exposed.
Popular apps with security holes
- Browsers: Edge
- Dating: Grinder, OKCupid, Bumble
- Maps and navigation: Yango Pro (Taximeter), Movit
- Social networks: Viber
- Business: Cisco Teams
- Utilities: Xrecorder, PowerDirector
These are the Android apps that were still at risk, with Check Point notifying those responsible. However, Viber and Booking have already released security patches with the latest security updates.
EBox editors recommend: