A wave of attacks exploiting a Master Key vulnerability in Google's Android OS has been discovered.
Symantec researchers confirmed detecting two cases where legitimate applications have been warped into malware-spreading tools using the Master Key vulnerability.
"Norton Mobile Insight – our system for harvesting and automatically analysing Android applications from hundreds of marketplaces – has discovered the first examples of the exploit being used in the wild. Symantec detects these applications as Android.Skullkey. We found two applications infected by a malicious actor. They are legitimate applications distributed on Android marketplaces in China to help find and make doctor appointments," read the statement.
"Using the vulnerability, the attacker has modified the original Android application by adding an additional classes.dex file (the file which contains the Android application code) and also adding an additional Android manifest file (the file which specifies permissions)."
Symantec warned that the apps are designed for a variety of malicious purposes and expects to see further attacks leveraging the vulnerability. "An attacker has taken both of these applications and added code to allow them to remotely control devices, steal sensitive data such as IMEI [International Mobile Equipment Identity] and phone numbers, send premium SMS messages, and disable a few Chinese mobile security software applications by using root commands, if available," read the report.
"We expect attackers to continue to leverage this vulnerability to infect unsuspecting user devices. Symantec recommends users only download applications from reputable Android application marketplaces."
The Master Key vulnerability was first uncovered by Bluebox Security. Google has released a patch for the vulnerability to carriers and hardware partners. It is currently up to the partners to distribute the fix, a cycle that can take several months.
The news comes during a wider boom in the number of cyber attacks targeting Android. Most recently, security firm BitDefender reported detecting a spike in finance industry-focused attacks and in ransomware targeting the ecosystem.