“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps


Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s home directory.

The implications of this vulnerability pattern include arbitrary code execution and token theft, depending on an application’s implementation. Arbitrary code execution can provide a threat actor with full control over an application’s behavior. Meanwhile, token theft can provide a threat actor with access to the user’s accounts and sensitive data.

Read more…
Source: Microsoft


Sign up for our Newsletter


Related:

  • New Android malware ‘RatMilad’ can steal your data, record audio

    October 5, 2022

    A new Android spyware named ‘RatMilad’ was discovered targeting mobile devices in the Middle East, used to spy on victims and steal data. The RatMilad spyware was discovered by mobile security firm Zimperium who warned that the malware could be used for cyber espionage, extortion, or to eavesdrop on victim’s conversations. “Similar to other mobile spyware we ...

  • Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing RAT on Android devices

    September 21, 2022

    Microsoft analysis of a recent version of a previously reported info-stealing Android malware, delivered through an ongoing SMS campaign, demonstrates the continuous evolution of mobile threats. Masquerading as a banking rewards app, this new version has additional remote access trojan (RAT) capabilities, is more obfuscated, and is currently being used to target customers of Indian ...

  • SharkBot malware sneaks back on Google Play to steal your logins

    September 4, 2022

    A new and upgraded version of the SharkBot malware has returned to Google’s Play Store, targeting banking logins of Android users through apps that have tens of thousands of installations. The malware was present in two Android apps that did not feature any malicious code when submitted to Google’s automatic review. However, SharkBot is added in an ...

  • Malware devs already bypassed Android 13’s new security feature

    August 17, 2022

    Android malware developers are already adjusting their tactics to bypass a new ‘Restricted setting’ security feature introduced by Google in the newly released Android 13. Android 13 was released this week, with the new operating system being rolled out to Google Pixel devices and the source code published on AOSP. As part of this release, Google attempted ...

  • Roaming Mantis hits Android and iOS users in malware, phishing attacks

    July 19, 2022

    After hitting Germany, Taiwan, South Korea, Japan, the US, and the U.K. the Roaming Mantis operation moved to targeting Android and iOS users in France, likely compromising tens of thousands of devices. Roaming Mantis is believed to be a financially-motivated threat actor that started targeting European users in February. In a recently observed campaign, the threat actor ...

  • Toll fraud malware: How an Android application can drain your wallet

    June 30, 2022

    Toll fraud malware, a subcategory of billing fraud in which malicious applications subscribe users to premium services without their knowledge or consent, is one of the most prevalent types of Android malware – and it continues to evolve. Compared to other subcategories of billing fraud, which include SMS fraud and call fraud, toll fraud has unique ...