Malware using the Android Master Key intercepted in the wild, here's how to protect yourself

Malware using the Android Master Key intercepted in the wild, here's how to protect yourself
It was back at the beginning of the month when we first broke for you the news of a new, massive vulnerability, plaguing 99% of Android devices. First discovered by mobile security company Bluebox, the flaw was reported to Google back in February. Since then, Google has patched the Play Store and has provided its OEM partners with a patch for it.

Yet here we are again. And now it's official – the first detected malware taking advantage of the vulnerability has been intercepted by Symantec whilst running amok in China. The security giant reports that the code has been implanted in otherwise legit apps that help you find and appoint a meeting with a doctor. The source of the infected app? A third-party store, of course.

We won't get into the tech lingo, instead we'll just report that according to Symantec, the exploit grants said malicious code remote access to infected devices. This leaves the gates wide open, the company claims, for a wrongdoer to steal sensitive information such as your IMEI, phone number, and also send premium SMS messages and execute root commands.

There's no doubt in our minds that more attacks of this sort are sure tofollow, so here's what you can do to protect yourself:


source: Symantec, Thumbnail image courtesy of ReKey

FEATURED VIDEO

28 Comments

1. LetsBeHonest

Posts: 1548; Member since: Jun 04, 2013

This is what happens when it is open source well "every action has its equal or opposite reaction" I think its time too make android a little bit more closed it atleast a built in antivirus like windows 8 has. Google must do a major update towards Android's security. may be android 4.3 or KLP may bring some solution for this part, like a PROJECT SECURITY or something like that better act fast before things get too messy

5. Os_Money

Posts: 20; Member since: Jul 01, 2013

I don't think you understand the benefits of open source and how android isn't exactly as open as many people believe it to be.

7. deathgod

Posts: 122; Member since: Nov 23, 2011

The infected got it from going to a third party store, like most people who get these type of viruses. Also viruses and malware are present on (almost?) every platform, it's not Android specific. Just use common sense and scan the things you dl before you install if you getting them from third party sources.

9. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

+1. Not unlike safe-sex practices....

2. scriptwriter

Posts: 396; Member since: Nov 13, 2012

Norton Mobile Security is a huge battery drain as it has to run all the time. It nearly halved my battery life.

3. abcdefgh

Posts: 471; Member since: Mar 29, 2013

step1:#switchtowindowsphone

4. hung2900

Posts: 966; Member since: Mar 02, 2012

If you jailbreak your WP and install 3rd party apps, and malware is still a possibility. Most of critics about "blah blah blah Android malware" intent to ignore to say clearly (for misleading many people) that the risk only comes from 3rd party apps (mostly pirate apps), and no problem with Google Play application. If you install pirate app on Windows, the same problem. Haters gonna hate in silly way.

14. UrbanPhantom

Posts: 949; Member since: Oct 30, 2012

You cannot jailbreak your WP device, and no pirate apps exist to install. Malware is not a problem for Windows Phone at all...

19. networkdood

Posts: 6330; Member since: Mar 31, 2010

Not true....http://windowsphonehacker.com/articles/the​_complete_guide_to_jailbreaking_windows_phone_7_an​d_7.5-09-24-11

22. UrbanPhantom

Posts: 949; Member since: Oct 30, 2012

WP8 uses an NT based kernel, and the new code isn't anything like what runs on older WP7.x devices. Thus it has not been proven to have been jail-broken. Why do you think the older Lumia 900 can't run WP8 apps? Duh!!!

25. gabyteodor

Posts: 7; Member since: Oct 24, 2011

Not jbroken... yet

6. Googler

Posts: 813; Member since: Jun 10, 2013

Every OS is prone to problems. EVERY OS.

26. itsdeepak4u2000

Posts: 3718; Member since: Nov 03, 2012

Especially iOS.

10. NexusKoolaid

Posts: 493; Member since: Oct 24, 2011

Any safety or peace of mind afforded to you by switching to Windows Phone is due entirely to it's limited market share. It's simply not a tempting target - not enough payoff for the work involved. IF Windows Phone ever gains significant market share it too will become the target of hackers.

17. UrbanPhantom

Posts: 949; Member since: Oct 30, 2012

WP does not suffer from the same security flaws as Android: it's not just due to the OS being less popular, but also because Microsoft maintains strict control over the native code. Google gives everything away for free, hence the concept "open source".

20. networkdood

Posts: 6330; Member since: Mar 31, 2010

Lol..you want to trust MS? A company that is a proven spy. Microsoft OS gets hacked on a daily basis.

23. UrbanPhantom

Posts: 949; Member since: Oct 30, 2012

networkdood, why don't you show us some legitimate proof that WP8.x has been hacked? Go ahead... Also, Google gives away personal information to the government just as willingly as Microsoft. You are naive if you truly believe that Google is morally and ethically superior!

12. kanagadeepan

Posts: 1254; Member since: Jan 24, 2012

Terr0rists put b0mbs on stadium, residential areas, markets, malls, temples/churches where soo many people will be gathering.. They never b0mb graveyards... But that doesn't means we should leave home and live in graveyards... So at first glance graveyard may be looking very safe comparing home... But once terr0rists found that all people in town started gathering in graveyard for safety, they will b0mbard that place too... ------------------------------- This is the reason I am still using Windows in my desktop though soo many viruses are for this OS... I will never switch to OS X for viruses in windows... The same applies for your solution...

13. Timothy_Drake

Posts: 1; Member since: Jul 18, 2013

What a bullshxt you can jailbreak WP8, jailbreak is for iOS

15. UrbanPhantom

Posts: 949; Member since: Oct 30, 2012

There's no jailbreaking for WP8, and such claims to the contrary are false and misleading.

16. CELLKONTECH

Posts: 11; Member since: Feb 23, 2013

Step-1 # Buy a galaxy s4, 2 # get cyanogen mode 3 # buy the metal back cover by Ginovo From ebay the best combo ever...its the only android device that is safe of this malware.yeah,samsung knox security system makes it safe.if u dnt believe read the prev article of phonearena abt "Android Vulnerability"

8. zennacko unregistered

Simple solution: buy a GSM dumbphone, be happy with a battery that lasts a week on intense use, a phone that isn't vulnerable (for the simple fact that it can't be updated or download anything from third parties), and last but not least, comes with the snake game and will probably work with any (GSM) carrier since it doesn't use LTE or 3G and an EDGE-capable or 1G quad-band phone isn't hard to find!

11. taz89

Posts: 2014; Member since: May 03, 2011

Simple don't install from unknown sources

18. networkdood

Posts: 6330; Member since: Mar 31, 2010

Huh...never once had a malware issue with Android...keep on perpetuating the myth.

21. kanagadeepan

Posts: 1254; Member since: Jan 24, 2012

What if I say its now patched for ALL ROOTED users???? Install this app (https://play.google.com/store/apps/details?id=tungstwenty.xposed.masterkeydualfix ) from Play Store and XposedInstaller apk fromhttp://forum.xda-developers.com/showthread.php?t=1574401 Run xposedinstaller and enable masterkeyDualFix in Modules Tab... Then again come to Install update in "Update framework" Tab and then reboot (by pressing the reboot button below)... Root access will be asked and allow... On restarting run masterKeyDualFix app and its done... Download and run (https://play.google.com/store/apps/details?id=com.bluebox.labs.onerootscanner )blueBox security to confirm this... Checked in my both rooted RazrMAXX and RazrMAXX_HD... OPEN-SOURCE ROCKS... Even if a threat arises, solution will also arrive immediately...

24. UrbanPhantom

Posts: 949; Member since: Oct 30, 2012

Google's Android will never be secure, and there are probably other back doors built into the OS that will be exploited as well... Solution: Switch to Windows Phone.

27. itsdeepak4u2000

Posts: 3718; Member since: Nov 03, 2012

Open source is good. Loads of choices of apps, so guys do check your phone and follow above instructions.

* Some comments have been hidden, because they don't meet the discussions rules.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.