Millions of people are vulnerable to malware attacks on their Android devices that could potentially access sensitive information such as banking data, according to a report published this morning by mobile security research firm Bluebox Labs, which has named this threat “Fake ID.”
Every Android app has its own identity certificate, which is passed down from the developer who created it. However, Bluebox Labs has discovered a bug in the Android operating system that allows rogue developers to copy these identities and gain undue privileges for their malware apps.
Bluebox says this can result in a variety of consequences, including “insert[ing] a Trojan horse into an application by impersonating Adobe Systems; gain[ing] access to NFC financial and payment data by impersonating Google Wallet; or tak[ing] full management control of the entire device by impersonating 3LM.”
Using the Fake ID vulnerability, hackers can create an app that impersonates multiple identities at once, meaning users could be hit with all of the attacks listed above, and more, after downloading a single malicious app. […]
Read more about: Android Fake ID Bug Leaves Millions at Risk for Banking Data Theft, Malware Infection, and More