“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps


Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s home directory.

The implications of this vulnerability pattern include arbitrary code execution and token theft, depending on an application’s implementation. Arbitrary code execution can provide a threat actor with full control over an application’s behavior. Meanwhile, token theft can provide a threat actor with access to the user’s accounts and sensitive data.

Read more…
Source: Microsoft


Sign up for our Newsletter


Related:

  • Protecting Android clipboard content from unintended exposure

    March 6, 2023

    Considering mobile users often use the clipboard to copy and paste sensitive information, like passwords or payment information, clipboard contents can be an attractive target for cyberattacks. Leveraging clipboards can enable attackers to collect target information and exfiltrate useful data. Examples even exist of attackers hijacking and replacing the clipboard contents for malicious purposes, such as modifying a copied ...

  • Medusa botnet returns as a Mirai-based variant with ransomware sting

    February 7, 2023

    A new version of the Medusa DDoS (distributed denial of service) botnet, based on Mirai code, has appeared in the wild, featuring a ransomware module and a Telnet brute-forcer. Medusa is an old malware strain (not to be confused with the same-name Android trojan) being advertised in darknet markets since 2015, which later added HTTP-based DDoS ...

  • TgToxic Malware’s Automated Framework Targets Southeast Asia Android Users

    February 3, 2023

    Trend Micro researchers analyzed an ongoing campaign that has been targeting Android users in Southeast Asia since July 2022. Its goal is to steal victims’ assets from finance and banking applications (such as cryptocurrency wallets, credentials for official bank apps on mobile, and money in deposit), via a banking trojan they named TgToxic (detected by Trend ...

  • Roaming Mantis implements new DNS changer in its malicious mobile app in 2022

    January 19, 2023

    Roaming Mantis (a.k.a Shaoye) is well-known as a long-term cyberattack campaign that uses malicious Android package (APK) files to control infected Android devices and steal device information; it also uses phishing pages to steal user credentials, with a strong financial motivation. Kaspersky has been investigating the actor’s activity throughout 2022, and we observed a DNS changer ...

  • Now this password-stealing Android malware wants to grab your bank details too

    January 5, 2023

    A prolific and powerful form of Android malware has switched its attention to online banking applications, using abilities including keylogging to steal usernames and passwords for bank accounts, social media profiles and more. Detailed by researchers at cybersecurity company ThreatFabric, the Android malware is part of the SpyNote family, a form of trojan spyware which has ...

  • Godfather: A banking Trojan that is impossible to refuse

    December 21, 2022

    The Android banking Trojan Godfather is currently being utilized by cybercriminals to attack users of popular financial services across the globe. Godfather is designed to allow threat actors to harvest login credentials for banking applications and other financial services, and drain the accounts. To date, its victims include users of over 400 international targets, including ...