The latest vulnerability that was brought to our attention targets Android users, and although it has not caused any damage yet, it has the potential to give you quite a headache. It has been discovered that “a design flaw” in the Android operating system could allow for unwanted pop-ups to appear whenever a set application is running thus defiling your smartphone with annoying pop-ups. However, if executed properly, the flaw could potentially be used for phishing attacks to be targeted at your device.
In a nutshell, when the malware detects that your banking app or e-mail client, for example, is running, it can launch an identically-looking pop-up app asking for your credentials. What makes things worse is that the execution of the pop-up app can happen so fast that the user would probably never realize what has happened until it is too late. The malware could even install itself as a service and run seamlessly in the background even after the phone is rebooted.
There have been no registered cases of the so-called design flaw being used in a malicious way, but a proof-of-concept application has been demonstrated just recently at the DefCon hacking convention. That is why we have said it before and we will say it again - you should always be extra careful when downloading apps from any shady-looking software marketplaces as you never know what might be coming along with them.