A pair of major vulnerabilities have emerged in Android apps in recent months, according to mobile app risk management vendor Appthority.
The company’s quarterly enterprise mobile threat update flags the emergence of rooting and overlay malware in Android apps. Three specific examples were detected in the third quarter inside apps on the Google Play store: Godless, LevelDropper and Overlay.
The Godless rooting malware can target virtually any Android device running on Android 5.1 (Lollipop) or earlier versions of the Google mobile OS, which includes nearly 90% of Android devices, Appthority said. The report adds that “malicious apps related to this threat can be found in prominent app stores, including Google Play, and has affected over 850,000 devices worldwide.”
LevelDropper is an app with “autorooting” malware, a type of mobile malware that roots a device without the owner’s knowledge. The malware is designed to allow hackers to perform actions that normally require additional privileges. Similar to the Godless malware, LevelDropper roots Android devices and “enables remote installation of applications without the user’s knowledge or approval,” according to Appthority.
Creators of LevelDropper were able to disguise the rooting actions to prevent Google’s Bouncer security system from detecting them. Fortunately, this app has been removed from Google Play.
Overlay, not surprisingly, is the overlay malware flagged by Appthority. Overlay malware can be used to steal credentials for mobile banking and messaging apps, and is built to look and feel just like a target app. Hackers send SMS messages with notification of a failed shipment and a shortened URL. This can trick a recipient into clicking and inadvertently installing the malware.
“The overlay technique is becoming increasingly popular among attackers because it is effective,” Appthority writes. “It is difficult for users to distinguish the overlay screen from the real app which allows the bad actors to harvest a large number of credentials quickly.”
Enterprise security pros frequently advise users to avoid third-party app sites in favor of Google Play and Apple’s App Store, which screen apps for malware. But the screening process used by these stores isn’t foolproof.
For this reason, Appthority concludes, “enterprises still need to comprehensively monitor and prevent threats using solutions that detect not only known malware, but also precursors that indicate malicious potential behavior.”