This library is included in popular apps on Google Play which have more than 200 million downloads in total.
The vulnerability is not yet known previously by any anti-virus or security vendor according to a report by Net-Security.
The ad library with code name “Vulna” (-vulnerability, hidden for now) presents accordingly critical security issues like:
- aggressive— if instructed by its server, it will collect sensitive information such as text messages, phone call history, and contacts. It also performs dangerous operations such as executing dynamically downloaded code.
- vulnerabilities – these vulnerabilities when exploited allow an attacker to utilize Vulna’s risky and aggressive functionality to conduct malicious activity, such as turning on the camera and taking pictures without user’s knowledge, stealing two-factor authentication tokens sent via SMS, or turning the device into part of a botnet.
By further analysis by the experts, an attacker could leverage his attacks and perform malicious actions, for example:
- steal two-factor authentication token sent via SMS
- view photos and other files on the SD card
- install icons used for phishing attacks on the home screen
- delete files and destroy data on demand
- impersonate the owner and send forged text messages to business partners
- delete incoming text messages without the user’s notice
- place phone calls
- use the camera to take photos without user’s notice
- read bookmarks or change them to point to phishing sites.
These aggressiveness and vulnerabilities on the ad library leaves android users, especially those enterprise users exposed into security threats.
For further information in this newly discovered mobile threat found by FireEye, you may browse it by clicking on this link.