Android Master-Key Malware Already Blocked by McAfee Mobile Security


The Android Master Key vulnerability, which was first reported by BlueBox Security, has been big news this month. McAfee explained the vulnerability and defense against future malware exploiting it in a previous blog.

Last week the first malware exploiting the Master Key vulnerability was found in an Android application market in China. The app used the vulnerability to hide a malicious classes.dex from Android's package signature verification.

 


This vulnerability allows an attacker to inject malicious code by putting duplicate executable files, such as classes.dex, in an application package. The package verification step at installation is done against the original, legitimate file, but at runtime the second, malicious file takes over. The attacker's malicious code in the second classes.dex collects the device's sensitive information, sends it to remote servers, and also sends SMS messages to the people in the victim's contact list. A second AndroidManifest.xml file, corresponding to the second classes.dex, replaces the legitimate manifest so that additional permission declarations are injected, along with several broadcast receiver and service registrations.

 


The only good news might be that at installation users can see the list of requested permissions declared in the second AndroidManifest.xml, so they might at least notice the excessive permission requests.

McAfee provided its solution, via McAfee Mobile Security, to this threat before the first malware appeared in the wild, proactively detecting and blocking this threat as Exploit/MasterKey.A. The solution should also work against future variants of this Master Key malware.

 


Categories: McAfee Labs, Mobile and IoT Security