Chrome vulnerability may have put 318,000 Android devices at risk
As our regular readers are aware, barely a week goes by without some reference to a new Android vulnerability being made. This week is apparently no different, according to SecureList, a Kaspersky-owned security info blog.
Over 300,000 Android devices have reputedly fallen prey to a scam attack carried out via a Chrome browser vulnerability. This vulnerability takes the form of a pop-up, saying the user’s phone (or tablet) is infected with a virus, and offering to fix the problem if the user clicks the accompanying “Remove Virus Now” button.
The trouble is, the user’s phone is generally not infected. Clicking the button displays an attempt to coax the user into changing the “Install from unknown sources” OS setting in order to allow the installation of APK files from non-Google-approved locations. If the user accepts the Settings change and installs the offered APK, malware steals information from the device.
Kaspersky Lab, a Moscow-based anti-malware provider and owner of SecureList, reported the findings from its blog article to Google. The search giant then shut down the operation that linked AdSense advertisements with these false virus warnings. The researchers noted:
“Google has been quick to block the ads that the Trojan uses for propagation”.
Although it may be troubling that these types of reports seem to be never-ending, it is heartening to see that Google seem to be on top of fixing issues and vulnerabilities in its products.
What do you think about this latest issue? Is it possible to design an operating system without continually having to fix it’s vulnerabilities? Let us know what you think in the Comments below!