Newer devices offered fixes, reported apps removed
In a week which has been dominated by news of brand-new, headphone-socket-free smartphones and other smartphones that catch fire and explode, important news from the Mobile Landscape seems to have gotten somewhat buried.
Millions of Android device users could be affected by the latest two critical vulnerabilities, which were revealed but will stay unfixed on an unknown number of devices. Additionally, Google Play users may have downloaded malicious apps as many as 2.5 million times!
The vulnerabilities are as serious as the well-publicised Stagefright bug. Google began issuing updates addressing the latest bugs on Tuesday, but a large number of Android devices are not eligible to receive these updates. Those that are don’t always receive the updates immediately!
The malicious apps were revealed by security company Checkpoint, which reported that the apps have been downloaded as many as 2-and-a-half million times. Up to forty apps were found to be infected with a family of malware known as DressCode, which was probably being used to generate fake clicks on adverts. DressCode can also be used to break into internal networks and retrieve potentially sensitive files.
Checkpoint highlighted another app containing malware called CallJam, which redirected infected Androids to websites to generate fraudulent money, in addition to calling premium-rate numbers. CallJam was embedded in “Gems Chest For Clash Royale”, which was downloaded up to half a million times.