This Android Malware Can Hijack Legitimate Apps
You may be aware of, and on the lookout for, malware hiding in programs that appear to be legitimate but aren’t. But what happens when legitimate applications are unwittingly hijacked by malicious actors?
That’s exactly what happened to a group of Android apps: Microsoft was the first to alert the world to an issue called “Dirty Stream,” which is a vulnerability that allows malicious apps to replace legitimate ones. Dirty Stream relies on a flaw in the ContentProvider, a system that allows different applications to share the same set of data. Without it, apps wouldn’t be able to communicate with each other or share the same data, reducing functionality and usability.
Attackers are focusing on “sharing targets,” or applications that receive data and files from other applications, which typically include email, social media, messaging apps, and browsers, among others. Their fake apps sent malicious files to these apps, which accepted them as usual but inadvertently overwrote important files in their own data. By exploiting this vulnerability, attackers could execute their own code on your device, potentially hijacking it and also deleting your data.
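For developers of apps that receive shared files, here is one way to avoid that kind of overwrite, as an added example that is not from the article, from Microsoft, or from any of the affected apps. It assumes the overwrite happens because the receiving app stores an incoming file under a name chosen by the sending app; the class name, directory layout and sample file names are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.UUID;

// Added illustration in plain Java (no Android SDK); every name here is hypothetical.
public class ShareTargetPaths {

    // Risky pattern: the sender-supplied name decides where the incoming file lands.
    static Path resolveUntrusted(Path cacheDir, String senderName) {
        return cacheDir.resolve(senderName).normalize();
    }

    // Containment check: true only if candidate is still under base after normalization.
    static boolean isInside(Path base, Path candidate) {
        return candidate.normalize().startsWith(base.normalize());
    }

    // Hardened pattern: ignore the sender's name and store under a name we generate.
    static Path newCacheFile(Path cacheDir) throws IOException {
        Path target = cacheDir.resolve(UUID.randomUUID() + ".tmp").normalize();
        if (!isInside(cacheDir, target)) {
            throw new IOException("refusing to write outside " + cacheDir);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout standing in for a receiving app's private data directory.
        Path appData = Files.createTempDirectory("appdata").toRealPath();
        Path cacheDir = Files.createDirectory(appData.resolve("cache"));
        Path settings = Files.createDirectories(appData.resolve("shared_prefs"))
                .resolve("settings.xml");
        Files.writeString(settings, "<original/>");

        // Constructed sender-supplied names: one ordinary, one that climbs out of cache/.
        for (String name : new String[] {"report.pdf", "../shared_prefs/settings.xml"}) {
            Path risky = resolveUntrusted(cacheDir, name);
            Path safe = newCacheFile(cacheDir);
            System.out.printf("%s%n  sender-named path inside cache: %b (hits settings file: %b)%n"
                    + "  generated path inside cache:    %b%n",
                    name, isInside(cacheDir, risky), risky.equals(settings),
                    isInside(cacheDir, safe));
        }
    }
}
```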
Microsoft has highlighted several apps known to be affected by Dirty Stream, which together total over four billion installations. At the time of Microsoft’s report, each of the four apps on the list had been installed more than 500 million times. For example, WPS Office has over 500 million installs, and File Manager has over one billion.
The usual advice would be to remove these applications from your phone. But these apps are not malicious: they have been hijacked. Thus, after Microsoft’s notifications, developers took action and removed the malware from their applications.
How to protect yourself from new Android malware
As developers patch their apps against this Dirty Stream vulnerability, the question becomes: what can you do to protect yourself?
This is an unusual problem for malware: if a legitimate application can be hacked for nefarious purposes, what should the end user do? Who would have thought that the default file manager app on Xiaomi phones would be hijacked like this?
Unique circumstances aside, the usual advice still applies: be careful what you download. Of course, you couldn’t do anything about the legitimate apps that were infected here, but it took another piece of malware to hijack them. That’s why it’s more important than ever to be vigilant when downloading and installing apps on Android.
The best choice will always be the Google Play Store. While sideloading is a great benefit for Android (at least outside the EU), it comes with the added risk of downloading a malicious app. Google has protections in place to limit the chance of a malicious app reaching the market. Of course, this doesn’t mean that every app on the Play Store is safe. You will still have to check every program you decide to install. If something looks suspicious in an app, Play Store or not, avoid it.
Unfortunately, no one seems to have shared details about these malicious apps. Scan your phone and if you see something that makes you suspicious, delete it.
Microsoft, for its part, recommends keeping all apps updated as new patches are released to protect against these types of malware. Additionally, the company advises users to reset their credentials in the Xiaomi File Manager app.