In recent past time the researchers at bluebox security firm San Francisco reported a android signature vulnerebility threat which is also named as “Masterkey” vulnerability.
Although it is harmless to some extent but it produce a chance of abusing the vulnerability to make harmfull changes in the OS .The researchers also had explained the way in which this malicious code exists within these apps.They said that android apps comes in the form of APK format which is just a ZIP file.According to these researchers it is possible to intrude the file with the same name as of the original files in the app and this duplicate intruded file can easily contain a malicious code in it.
On behalf of this report Google also begun the scanning of all of its apps in the play store.This scan also presented the Google with the similar flaws as these researchers had reported.Now this process has got success because Google has identified two apps in Google play store that are containing the so called malicious code in them.
These two apps are:
1.Rose Wedding Cake Game(air.RoseWeddingCakeGame v 1.1.0)
2.Pirates Island Mahjong Free(air.PiratesIslandMahjong version 1.0.1)
Moreover the Bitdefender antivirus app for android also confirmed these apps to be containing this malicious code.Bogdan Botezatu a researcher at BitDefender security explains it as below.
Two of the apps, Rose Wedding Cake Game – ‘air.RoseWeddingCakeGame v 1.1.0’ and Pirates Island Mahjong Free ’air.PiratesIslandMahjong v 1.0.1’, have been last updated in mid-May and are increasingly popular with Android users. While the Pirates Island Mahjong Free has been installed by between 5,000 and 10,000 users, Rose Wedding Cake Game has between 10,000 and 50,000 installs.
There is no need to panic right away: the applications contain two duplicate PNG files which are part of the game’s interface. This means that the applications are not running malicious code – they are merely exposing the Android bug to overwrite an image file in the package, most likely by mistake. In contrast, malicious exploitation of this flaw focuses on replacing application code.
One thing that is particularly interesting about today’s discovery is the fact that the two applications exhibiting this behaviour managed to make their way into the Play Store without raising any red flags. However, patched Android distributions such as CyanogenMod will refuse to install the application with the mention that the “Package file was not signed correctly”.
Althogh the words by this researcher are showing a sign of only an accidental threat from this code but it is of very big concern that if these types of apps can enter into play store beside screening hinderences then in future there a very big chances that more potent threats can gain enterance into android platform if the google does not take any steps to polish and make application screening measures more stronger in the play store.
Previous news was that Google has sent device patches to the manufacturers to avoid this threat but the latest news is that only the galaxy s4 is made in such a way so as to be unharmed by this threat and till now there are no words from google on any type of update or a patch to be provided to the all the other devices to protect them.
Antivirus companies are updating there softwares to provide protection against this threat. Bitdefender for android as well as the Romanian vendor’s Antivirus Free for Android are updated recently to provide a protective shell to android devices againt this Masterkey vulnerability.
Although it is harmless to some extent but it produce a chance of abusing the vulnerability to make harmfull changes in the OS .The researchers also had explained the way in which this malicious code exists within these apps.They said that android apps comes in the form of APK format which is just a ZIP file.According to these researchers it is possible to intrude the file with the same name as of the original files in the app and this duplicate intruded file can easily contain a malicious code in it.
On behalf of this report Google also begun the scanning of all of its apps in the play store.This scan also presented the Google with the similar flaws as these researchers had reported.Now this process has got success because Google has identified two apps in Google play store that are containing the so called malicious code in them.
These two apps are:
1.Rose Wedding Cake Game(air.RoseWeddingCakeGame v 1.1.0)
2.Pirates Island Mahjong Free(air.PiratesIslandMahjong version 1.0.1)
Moreover the Bitdefender antivirus app for android also confirmed these apps to be containing this malicious code.Bogdan Botezatu a researcher at BitDefender security explains it as below.
Two of the apps, Rose Wedding Cake Game – ‘air.RoseWeddingCakeGame v 1.1.0’ and Pirates Island Mahjong Free ’air.PiratesIslandMahjong v 1.0.1’, have been last updated in mid-May and are increasingly popular with Android users. While the Pirates Island Mahjong Free has been installed by between 5,000 and 10,000 users, Rose Wedding Cake Game has between 10,000 and 50,000 installs.
There is no need to panic right away: the applications contain two duplicate PNG files which are part of the game’s interface. This means that the applications are not running malicious code – they are merely exposing the Android bug to overwrite an image file in the package, most likely by mistake. In contrast, malicious exploitation of this flaw focuses on replacing application code.
One thing that is particularly interesting about today’s discovery is the fact that the two applications exhibiting this behaviour managed to make their way into the Play Store without raising any red flags. However, patched Android distributions such as CyanogenMod will refuse to install the application with the mention that the “Package file was not signed correctly”.
Althogh the words by this researcher are showing a sign of only an accidental threat from this code but it is of very big concern that if these types of apps can enter into play store beside screening hinderences then in future there a very big chances that more potent threats can gain enterance into android platform if the google does not take any steps to polish and make application screening measures more stronger in the play store.
Previous news was that Google has sent device patches to the manufacturers to avoid this threat but the latest news is that only the galaxy s4 is made in such a way so as to be unharmed by this threat and till now there are no words from google on any type of update or a patch to be provided to the all the other devices to protect them.
Antivirus companies are updating there softwares to provide protection against this threat. Bitdefender for android as well as the Romanian vendor’s Antivirus Free for Android are updated recently to provide a protective shell to android devices againt this Masterkey vulnerability.
![[MarJana]](https://www.unp.me/data/avatars/s/108/108056.jpg?1585816329){kind=avatar}
