Although both applications (used to find and schedule medical appointments) are valid, they have been modified by hackers. “Norton Mobile Insight – our system for harvesting and automatically analyzing android applications from hundreds of marketplaces – has discovered the first examples of the exploit being used in the wild. Symantec detects these applications as Android.Skullkey,” said the firm on their blog. “An attacker has taken both of these applications and added code to allow them to remotely control devices, steal sensitive data such as IMEI and phone numbers, send premium SMS messages, and disble a few Chinese mobile security software applications by using root commands, if available,” added Symantec. Last week, BitDefender had detected two other applications that used the master key vulnerability by having two files with the same name. This is the first time, however, that malicious applications have been detected. The master key vulnerability was discovered earlier this month by startup firm Bluebox Security. A second similar vulnerability was also published by a Chinese android security group. Although Google quickly issued patches of the vulnerability, OEMs have been slow to include these patches in their respective devices. The only way android users can stay clear of these kinds of attacks is by limiting app downloads from third party android marketplaces. Also, android users can download the Bluebox security scanner to find out if and whether their devices have can be affected.
What happens if My Device is Vulnerable?
ReKey is an application that applies the Google patches to your android phone to seal the Bluebox master key and the Chinese vulnerabilities. This application, developed by Duo Security in collaboration with Northeastern University, requires root access to a device, which is usually not granted to most applications.
Via Symantec
