Malicious Android Application Stealing User Data & Personal Information
Yet again security vulnerability found in Android application. An information security company has warned about malicious Android smartphone applications that steal and transmit personal data, such as contact information stored in users' address books. The company said these types of free applications have been downloaded up to 270,000 times, indicating that potentially millions of people have had their personal information stolen. An Internet security expert said, "It's possible that creating applications that transmits users' information without consent can be considered a crime under the Penal Code, which criminalises the creation of computer viruses." The malicious application only has three buttons: Steal SD Card Contents, Steal App Data, and Upload Identifying Data.Every application has at least read-only access to the contents of this external storage. No Permissions scans the /sdcard directory and returns a list of all non-hidden files. All the files discovered can be fetched. The worrying part is that the SD card usually stores some of our most private files, including photos, backups, external configuration files, and, in some cases, even Open VPN certificates.
According to NetAgent, a Tokyo-based information security company, the applications were disguised as video tutorials for popular games on Google Inc.'s Android operating system. The applications were named by affixing the expression "the Movie" to existing game titles. The company found at least 16 of these applications.
The company's analysis revealed that when these applications are activated, they can automatically transmit not only a person's telephone number, their e-mail address and the phone's ID number, but also the personal names, telephone numbers and e-mail addresses of contacts stored on the smartphone's address book. Although the creators of these applications aren't well known, the stolen information was sent to the same domestic server. When users download the malicious applications, a message pops up on the display screen requesting permission for access to contact information. What ever the malicious application was immediately deleted from Android market. For additional information click here.
The company's analysis revealed that when these applications are activated, they can automatically transmit not only a person's telephone number, their e-mail address and the phone's ID number, but also the personal names, telephone numbers and e-mail addresses of contacts stored on the smartphone's address book. Although the creators of these applications aren't well known, the stolen information was sent to the same domestic server. When users download the malicious applications, a message pops up on the display screen requesting permission for access to contact information. What ever the malicious application was immediately deleted from Android market. For additional information click here.
LINK TO OUR HOME PAGE :
Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info.
Thank You !
-Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You!
-Team VOGH
Categories:
security-news
,
technews
,
vulnerablity
